VDB

CISA-2022-42475

CISA-2022-42475 PUBLISHED CVSS 9.3 CRITICAL

Reported by fortinet · Published January 2, 2023

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Risk Scores

CVSS 3.1
9.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

Affected Products

VendorProductVersions
FortinetFortiProxy7.2.0, 7.0.0, 2.0.0
FortinetFortiOS7.2.0, 7.0.0, 6.4.0
FortinetFortiOS7.2.0, 7.0.0, 6.4.0
FortinetFortiProxy7.2.0, 7.0.0, 2.0.0

Timeline

  • Jan 2, 2023 CVE Published
  • Oct 21, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›