Critical severity vulnerability in Fortinet FortiOS SSL-VPN

Australian Cyber Security Centre

This Alert is relevant to organisations that deploy FortiOS to facilitate remote access for their users. The Alert is intended to be understood by slightly more technical users who maintain systems; there is no action for end users to take.

Background / What has happened?

A heap-based buffer overflow vulnerability (CVE-2022-42475) has been identified in multiple versions of Fortinet FortiOS SSL-VPN.

FortiOS SSL-VPN is widely used by organisations to securely grant users remote access to their network, including allowing users to work from home.

Exploitation of this vulnerability could allow a malicious actor to gain remote code execution on the host running FortiOS and perform unauthorised actions. Additionally, the vulnerability can be used to crash the application (denial of service).

Fortinet reports the vulnerability may have been exploited in the wild. The ACSC is not aware of successful exploitation attempts against Australian organisations.

Affected Australian organisations should apply the available patch immediately, and investigate for signs of compromise.

Mitigation / How do I stay secure?

Australian organisations that use FortiOS should read Fortinet Product Security Incident Response Team (PSIRT) Advisory FG-IR-22-398 and take the recommended actions.

Assistance / Where can I go for help?
