Fortinet FortiOS: CVE-2022-42475: Heap-based buffer overflow in sslvpnd

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.Exploitation status:Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise:Multiple log entries with:Logdesc=Application crashed and msg=[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]Presence of the following artifacts in the filesystem:/data/lib/libips.bak/data/lib/libgif.so/data/lib/libiptcp.so/data/lib/libipudp.so/data/lib/libjepg.so/var/.sslvpnconfigbk/data/etc/wxd.conf/flashConnections to suspicious IP addresses from the FortiGate:188.34.130.40:444103.131.189.143:30080,30081,30443,20443193.36.119.61:8443,444172.247.168.153:8033139.180.184.19766.42.91.32158.247.221.101107.148.27.117139.180.128.142155.138.224.122185.174.136.20For more information on how to check for the presence of the indicators of compromise above, please visit this Knowledge Base entry, and contact customer support for assistance. Workaround:Disable SSL-VPN.Changelog:2022-12-12: Added FOS6k/k 2022-12-22: Added FortiProxy2022-12-27: Corrected typo in IOCs: 192.36.119.61 => 193.36.119.61