Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-42475 PoC — Fortinet FortiOS 缓冲区错误漏洞

Source
https://github.com/bryanster/ioc-cve-2022-42475
Associated Vulnerability
Title:Fortinet FortiOS 缓冲区错误漏洞 (CVE-2022-42475)
Description:A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Description
test for the ioc described for FG-IR-22-398
Readme
# ioc-cve-2022-42475
a simple util that uses ssh to check for the ioc's noted in [fortiguard](https://www.fortiguard.com/psirt/FG-IR-22-398).  
it uses ssh and runs the commands described on [fortinet forum](https://community.fortinet.com/t5/FortiGate/Technical-Tip-Critical-vulnerability-Protect-against-heap-based/ta-p/239420).  

## build
git clone the project.  
this is developed on 1.66.1.

build using cargo:   

    cargo build --release

## run
after building it runs like any other commandline utility.  

    ./ioc-cve-2022-42475


it wil return true on any of the ioc matches.
File Snapshot

 [4.0K]  /data/pocs/827eb540257f26b0ea2158cb650286135fb4339a
├── [5.0K]  Cargo.lock
├── [ 221]  Cargo.toml
├── [1.5K]  License
├── [ 591]  README.md
└── [4.0K]  src
    └── [3.5K]  main.rs

1 directory, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →