{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-42475","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2022-10-07T14:05:36.301Z","datePublished":"2023-01-02T08:18:49.444Z","dateUpdated":"2025-10-21T23:15:29.105Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.1","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.7","status":"affected"},{"versionType":"semver","version":"2.0.0","lessThanOrEqual":"2.0.11","status":"affected"},{"versionType":"semver","version":"1.2.0","lessThanOrEqual":"1.2.13","status":"affected"},{"versionType":"semver","version":"1.1.0","lessThanOrEqual":"1.1.6","status":"affected"},{"versionType":"semver","version":"1.0.0","lessThanOrEqual":"1.0.7","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.2","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.8","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.10","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.11","status":"affected"},{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.15","status":"affected"},{"versionType":"semver","version":"5.6.0","lessThanOrEqual":"5.6.14","status":"affected"},{"versionType":"semver","version":"5.4.0","lessThanOrEqual":"5.4.13","status":"affected"},{"versionType":"semver","version":"5.2.0","lessThanOrEqual":"5.2.15","status":"affected"},{"versionType":"semver","version":"5.0.0","lessThanOrEqual":"5.0.14","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier  and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-01-02T08:18:49.444Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-197","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.3,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiOS version 7.2.3 or above\r\nPlease upgrade to FortiOS version 7.0.9 or above\r\nPlease upgrade to FortiOS version 6.4.11 or above\r\nPlease upgrade to FortiOS version 6.2.12 or above\r\nPlease upgrade to FortiOS version 6.0.16 or above\r\nPlease upgrade to upcoming FortiOS-6K7K version 7.0.8 or above\r\nPlease upgrade to FortiOS-6K7K version 6.4.10 or above\r\nPlease upgrade to FortiOS-6K7K version 6.2.12 or above\r\nPlease upgrade to FortiOS-6K7K version 6.0.15 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to upcoming FortiProxy version 2.0.12 or above"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-398","url":"https://fortiguard.com/psirt/FG-IR-22-398"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T13:10:40.927Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-398","url":"https://fortiguard.com/psirt/FG-IR-22-398","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2022-42475","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-10-23T13:26:56.926267Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2022-12-13","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42475"}}}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42475","tags":["government-resource"]}],"timeline":[{"time":"2022-12-13T00:00:00.000Z","lang":"en","value":"CVE-2022-42475 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T23:15:29.105Z"}}]}}