9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.387 Low
EPSS
Percentile
96.8%
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Recent assessments:
ccondon-r7 at December 13, 2022 2:02pm UTC reported:
Heap-based buffer overflow in the sslvpnd
component of Fortinet SSL VPNs. Fortinet disclosed publicly on December 12 with a note that it had been exploited in the wild, evidently after putting out a private warning to customers the week prior. Since then, thereโs been community discussion about whether this was exploited as 0day or not, as the vendor evidently silently patched the vuln roughly two weeks before public disclosure (giving attackers plenty of time to reverse the patch before many customers were aware there was a problem).
Heap-based BOF probably isnโt quite as easily exploitable as, say, a stack-based cousin. Even if this wasnโt true 0day, my bets are on an advanced and/or state-sponsored threat actor being the culprit for initial exploitation. Not sure weโll see mass exploitation right away, or even at allโฆunless of course someone figures out where the bug lives and develops a public exploit, in which case, the exploitability rating on this will ratchet up. The attacker value of compromising a Fortinet device is high enough to motivate folks.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 3
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.387 Low
EPSS
Percentile
96.8%