First published: 13 Dec 2022
Last updated: 13 Dec 2022

Content written for

Small & medium business
Large organisations & infrastructure
Government

This Alert is relevant to organisations who deploy FortiOS to facilitate remote access for their users. The Alert is intended to be understood by slightly more technical users who maintain systems – there is no action for the end users to take.

Background / What has happened?

A heap-based buffer overflow vulnerability (CVE-2022-42475) has been identified in multiple versions of Fortinet FortiOS SSL-VPN.

FortiOS SSL-VPN is widely used by organisations to securely grant users remote access to their network, including allowing users to work from home.

Exploitation of this vulnerability could allow a malicious actor to gain remote code execution rights on the host running FortiOS and perform unauthorised actions. Additionally, the vulnerability can be used to crash the application (denial of service).

Fortinet reports the vulnerability may have been exploited in the wild. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is not aware of successful exploitation attempts against Australian organisations.

Affected Australian organisations should apply the available patch immediately, and investigate for signs of compromise.

Mitigation / How do I stay secure?

Australian organisations that use FortiOS should read Fortinet Product Security Incident Response Team (PSIRT) Advisory FG-IR-22-398 and take the recommended actions.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).

Was this information helpful?

Thanks for your feedback!

Optional

Tell us why this information was helpful and we’ll work on making more pages like it