Many versions of Fortinet’s popular Fortigate firewall have a heap buffer overflow vulnerability that attackers have already exploited in the wild.
The company said on Monday that the vulnerability affects a number of versions of FortiOS, the operating system for its FortiGuard appliances, and is in the SSL VPN functionality of the appliances.
“A heap-based buffer overflow vulnerability in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests,” the Fortinet advisory says.
“Fortinet is aware of an instance where this vulnerability was exploited in the wild.”
The flaw affects versions FortiOS 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, FortiOS-6K7K version 7.0.0 through 7.0.7, version 6.4.0 through 6.4.9, version 6.2.0 through 6.2.11, and 6.0.0 through 6.0.14.
The company has released updates for all of the affected versions and is encouraging all affected customers to upgrade as soon as possible. The company did not provide any further context about the known exploitation of the vulnerability (CVE-2022-42475).
There are some known indicators of compromise, including the presence of any of these in the appliance’s file system:
/data/lib/libips.bak
/data/lib/libgif.so
/data/lib/libiptcp.so
/data/lib/libipudp.so
/data/lib/libjepg.so
/var/.sslvpnconfigbk
/data/etc/wxd.conf
/flash
