Fortinet Vulnerability in FortiOS – heap-based buffer overflow in sslvpnd

a glowing red shield with a red virus bug hovering above a circuit board

Dec 12, 2022 by Leah Weisman

This just in: there is a significant vulnerability in FortiOS versions 7.2.2, 7.2.1, 7.2.0, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.11, 6.2.10, 6.2.1, 6.2.0 that allow a bad actor to execute unauthorized code or commands via the SSL VPN.

At this time it appears that only those utilizing the SSL VPN may be affected, but we still urge you to do the below check and upgrade your FortiOS.

In this announcement, Fortinet urges you validate your systems against the following indicators of compromise:

Multiple log entries with:
Logdesc=”Application crashed” and msg=”[…] application:sslvpnd,[…], Signal 11 received, Backtrace: […]“

Presence of the following artifacts in the filesystem:
/data/lib/libips.bak
/data/lib/libgif.so
/data/lib/libiptcp.so
/data/lib/libipudp.so
/data/lib/libjepg.so
/var/.sslvpnconfigbk
/data/etc/wxd.conf
/flash

Connections to suspicious IP addresses from the FortiGate:
188.34.130.40:444
103.131.189.143:30080,30081,30443,20443
192.36.119.61:8443,444
172.247.168.153:8033

We then recommend you upgrade to the latest version of FortiOS 7.0, 7.2 or 6.4 as soon as possible as these versions contain a fix.

In order to protect your business, employees, and IT infrastructure you must take a proactive approach. Through the use of Layered Security Strategy, our experts can ensure that your assets are properly protected and secure. Reach out to us if you’d like to learn more by using the information below!

If in this process you discover you have been compromised or that you need assistance upgrading your FortiOS, please call us immediately at 502-240-0404 so we can help you stop any nefarious attack.

Press enter to search