CVE-2022-42475
Fortinet / FortiOS
Ransomware campaign
Added 2022-12-13
Due 2023-01-03
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.
Required action
Apply updates per vendor instructions.
Notes: https://www.fortiguard.com/psirt/FG-IR-22-398; https://nvd.nist.gov/vuln/detail/CVE-2022-42475
Metadata
| Added to KEV | 2022-12-13 |
| Remediation due | 2023-01-03 |
| Ransomware use | Known |
| CWEs | CWE-197 |
| Ingested | 2026-04-24 15:03:13 |
Cross-mesh regulatory overlay
If you're breached via this CVE, what disclosure laws and cyber regs fire? Asks LexiWorld and RegulatoryRadar via signed mesh.