Skip to main content

Critical severity vulnerability in Fortinet FortiOS SSL-VPN

The Australian Cyber Security Centre (ACSC) is aware of a heap-based buffer overflow vulnerability in FortiOS SSL-VPN. All Australian organisations should apply the available patch immediately.

Alert status

This Alert is relevant to organisations who deploy FortiOS to facilitate remote access for their users. The Alert is intended to be understood by slightly more technical users who maintain systems – there is no action for the end users to take.

Background / What has happened?

A heap-based buffer overflow vulnerability (CVE-2022-42475) has been identified in multiple versions of Fortinet FortiOS SSL-VPN.

FortiOS SSL-VPN is widely used by organisations to securely grant users remote access to their network, including allowing users to work from home.

Exploitation of this vulnerability could allow a malicious actor to gain remote code execution rights on the host running FortiOS and perform unauthorised actions. Additionally, the vulnerability can be used to crash the application (denial of service).

Fortinet reports the vulnerability may have been exploited in the wild. The ACSC is not aware of successful exploitation attempts against Australian organisations.

Affected Australian organisations should apply the available patch immediately, and investigate for signs of compromise.

Mitigation / How do I stay secure?

Australian organisations that use FortiOS should read Fortinet Product Security Incident Response Team (PSIRT) Advisory FG-IR-22-398 and take the recommended actions.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).


Content complexity
This rating relates to the complexity of the advice and information provided on the page.
Was this information helpful?
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it