-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2022-42475 - Heap-based Buffer Overflow in Fortinet SSL-VPN #10897
Comments
/bounty 200$ |
💎 $200 bounty • ProjectDiscovery Bounty Available for CVE Template ContributionSteps to Contribute:
Thank you for contributing to projectdiscovery/nuclei-templates and helping us democratize security!
Add a bounty • Share on socials
|
/attempt #10897
|
/attempt #10897 Options |
Note The user @rogueloop is already attempting to complete issue #10897 and claim the bounty. We recommend checking in on @rogueloop's progress, and potentially collaborating, before starting a new solution. |
http/exposed-panels/fortinet/fortios-panel.yaml |
@rogueloop: Reminder that in 4 days the bounty will become up for grabs, so please submit a pull request before then 🙏 |
I think is impossible to make template for this cve , the base address of libc is hard coded. all base address are copied from all cve exploit (POC) you find on github are copied from scrt . POC
base address
scrt he did not offer any explanation at "Question about libc offset (0xc48 and 0xd38)" to the question asked by mekhalleh |
@anuj846k: Reminder that in 4 days the bounty will become up for grabs, so please submit a pull request before then 🙏 |
The bounty is up for grabs! Everyone is welcome to |
/attempt #10897 Options |
@charlesmigel: Reminder that in 4 days the bounty will become up for grabs, so please submit a pull request before then 🙏 |
The bounty is up for grabs! Everyone is welcome to |
Is there an existing template for this?
Template requests
Title: CVE-2022-42475 - Heap-based Buffer Overflow in Fortinet SSL-VPN
Description:
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN (versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier) and FortiProxy SSL-VPN (versions 7.2.0 through 7.2.1, 7.0.7 and earlier) may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Severity: Critical (CVSS 9.8)
POC:
References:
Fortinet Advisory
Shodan Query:
port:10443 http.favicon.hash:945408572
cpe:"cpe:2.3:o:fortinet:fortios"
http.html:"/remote/login" "xxxxxxxx"
CPE:
Anything else?
No response
The text was updated successfully, but these errors were encountered: