Patch Now: Forti-OS Security Update for CVE-2022-42475

January 19th, 2023

A critical heap overflow vulnerability in Fortinet FortiOS SSL VPN (CVE-2022-42475) was disclosed in December. Exploitation results in unauthenticated remote code execution via crafted requests. The flaw was observed being exploited to attack a Managed Service Provider, amongst other victims. In the cases examined by Mandiant, exploitation led to a BOLDMOVE malware infection on, and specifically designed for, Fortinet firewalls.

CISA warned of active exploitation of the flaw in December 2022 and encouraged application of the security update. Mandiant’s research concluded that exploitation could have been occurring as early as October of 2022. This Fortinet PSIRT is a PATCH NOW situation.

-Kaseya Vulnerability Management Team

Security Advisories Archives

RSS Feed

To View the RSS Feed of our advisory postings, please input this link into your feed reader.

audIT

Powered Services Pro

BMS

ConnectBooster

Datto Autotask PSA

BMS

Datto Autotask PSA

Vorex

BullPhish ID

Dark Web ID

Datto Autotask PSA

Datto Backup Appliances

Datto Backup for Microsoft Azure

Datto RMM

Datto Secure Edge

IT Glue

Managed SOC

VSA

vPenTest

Datto Backup Appliances

Unitrends Backup Appliances

Datto Backup for Microsoft Azure

Unitrends Backup for Microsoft Azure

Datto Edge Routers

Datto Secure Edge

Datto Switches

Datto WiFi

Datto Endpoint Backup with Disaster Recovery

Datto File Protection

Unitrends Endpoint Backup with Disaster Recovery

Datto RMM

VSA

Traverse

Graphus

IT Glue

MyGlue

Network Glue

Network Detective Pro

vPenTest

Datto Networking and VSA 10: Your Shortcut to Smarter Networks

What Is Allowlisting?

Automating Foundational Cybersecurity with VSA

Security Advisory

Patch Now: Forti-OS Security Update for CVE-2022-42475