{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T03:24:51.957","vulnerabilities":[{"cve":{"id":"CVE-2022-42475","sourceIdentifier":"psirt@fortinet.com","published":"2023-01-02T09:15:09.490","lastModified":"2025-10-24T12:54:20.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier  and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests."},{"lang":"es","value":"Una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico [CWE-122] en FortiOS SSL-VPN 7.2.0 a 7.2.2, 7.0.0 a 7.0.8, 6.4.0 a 6.4.10, 6.2.0 a 6.2.11, 6.0 .15 y anteriores y FortiProxy SSL-VPN 7.2.0 hasta 7.2.1, 7.0.7 y anteriores pueden permitir que un atacante remoto no autenticado ejecute código o comandos arbitrarios a través de solicitudes específicamente manipuladas."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"cisaExploitAdd":"2022-12-13","cisaActionDue":"2023-01-03","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability","weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-197"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndIncluding":"5.0.14","matchCriteriaId":"5BB7E21E-A68B-44FC-8F0E-EF5926186F26"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2.0","versionEndIncluding":"5.2.15","matchCriteriaId":"3F93F9C8-6064-4CED-88DF-3580C517AB51"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.0","versionEndIncluding":"5.4.13","matchCriteriaId":"0507F264-9E8D-4F9D-AB18-0C6CA5BD69F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.14","matchCriteriaId":"AC0AFBC1-5C11-412E-9979-AF89DD26EFCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.16","matchCriteriaId":"795298D3-0C06-471C-87E2-2D04AC190EAD"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.12","matchCriteriaId":"F6785608-14A0-4825-BEC0-899E55A9FDF1"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.11","matchCriteriaId":"55E67EF5-6AF0-410A-BDE7-CF745ED97328"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.9","matchCriteriaId":"C424900B-9A5E-440C-996B-2CF426F2CAA3"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.3","matchCriteriaId":"00E89C95-E9FB-473A-BEB0-FA8E7225AC55"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.0.7","matchCriteriaId":"22936F53-4480-4011-9211-174D1C507E87"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.0","versionEndIncluding":"1.1.6","matchCriteriaId":"E6BBF05F-4967-4A2E-A8F8-C2086097148B"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2.0","versionEndIncluding":"1.2.13","matchCriteriaId":"33B84D9A-55E3-4146-A55A-ACB507E61B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.12","matchCriteriaId":"954674E3-7E54-4D94-80DE-CB73AE0452EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.8","matchCriteriaId":"81E60913-FBE9-467B-AB4B-CA85E97527BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.2","matchCriteriaId":"F5B24750-4A57-4F80-AAE8-8AC316B376C2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.15","matchCriteriaId":"77974073-D92D-4EB8-854F-A6DCCD13C868"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.12","matchCriteriaId":"F6785608-14A0-4825-BEC0-899E55A9FDF1"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.10","matchCriteriaId":"6A7730E2-63AD-48F2-AE0A-6C8C9369A734"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.8","matchCriteriaId":"EE6D1D19-1227-42BE-87A7-E798D60059A5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fim-7901e:-:*:*:*:*:*:*:*","matchCriteriaId":"689B8A1F-112D-42CE-A29B-692EF00150AD"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fim-7904e:-:*:*:*:*:*:*:*","matchCriteriaId":"33603726-AB6B-4773-904E-DE103CDCEA70"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fim-7910e:-:*:*:*:*:*:*:*","matchCriteriaId":"DB6056EE-E76C-4064-B252-E0D65A1CBFBB"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fim-7920e:-:*:*:*:*:*:*:*","matchCriteriaId":"43DF83AC-1B86-4C45-B5A3-EF56B65C9BF7"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fim-7921f:-:*:*:*:*:*:*:*","matchCriteriaId":"F7BAD653-D841-4744-AE85-C24FC1F3F6DF"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fim-7941f:-:*:*:*:*:*:*:*","matchCriteriaId":"8ADCB4F1-E237-4525-95C4-2C8EFDD7A109"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fortigate-6300f:-:*:*:*:*:*:*:*","matchCriteriaId":"BB61396B-D9EF-44DE-B211-E92EF5A52888"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fortigate-6300f-dc:-:*:*:*:*:*:*:*","matchCriteriaId":"1AD28C00-00CC-433F-BD7B-AC58254E4785"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fortigate-6500f:-:*:*:*:*:*:*:*","matchCriteriaId":"1A72901A-EA5B-48B0-9D0B-A8CD8903413C"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fortigate-6500f-dc:-:*:*:*:*:*:*:*","matchCriteriaId":"D56B4C97-9BC9-4FB9-9623-F2897050FE8B"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fortigate-6501f:-:*:*:*:*:*:*:*","matchCriteriaId":"50EFCC23-1135-4BC9-B180-E9045030C844"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fortigate-6501f-dc:-:*:*:*:*:*:*:*","matchCriteriaId":"1E355C55-4CAA-4875-95F6-FCF3D360039F"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fortigate-6601f:-:*:*:*:*:*:*:*","matchCriteriaId":"ACBFBDDC-1BD8-48AA-85A3-AA727C466C8D"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fortigate-6601f-dc:-:*:*:*:*:*:*:*","matchCriteriaId":"A56F4F2D-BE9B-458C-B906-017D14DEABBA"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fortigate-7030e:-:*:*:*:*:*:*:*","matchCriteriaId":"DEADC8C2-1DB4-4CB9-A014-7EF279C03C08"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fortigate-7040e:-:*:*:*:*:*:*:*","matchCriteriaId":"A6BBD9D7-5F9B-4438-91F9-EB496C8186C5"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fortigate-7060e:-:*:*:*:*:*:*:*","matchCriteriaId":"187AAEF7-3FBF-488C-9935-2FA15D131228"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fortigate-7121f:-:*:*:*:*:*:*:*","matchCriteriaId":"D9294854-FC23-4682-A695-325CA3347F37"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fpm-7620e:-:*:*:*:*:*:*:*","matchCriteriaId":"CAFABB00-194B-41E4-940C-A5CF3A9CECEB"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fpm-7620f:-:*:*:*:*:*:*:*","matchCriteriaId":"B2CC0365-4336-4700-9A29-1AEA0CA781AF"},{"vulnerable":false,"criteria":"cpe:2.3:h:fortinet:fpm-7630e:-:*:*:*:*:*:*:*","matchCriteriaId":"D7E4F7F8-50E4-4774-B1E7-13DC1A289104"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-22-398","source":"psirt@fortinet.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://fortiguard.com/psirt/FG-IR-22-398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42475","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}