Template for CVE-2022-42475
Although actual exploitation requires far more than is in this script, this vulnerability can be confirmed by sending a POST request to the SSL-VPN endpoint with Content-Length: 4294967297. On affected devices the connection is suddenly dropped, and the sslvpnd process crashes on FortiGate.
Tested on 2 VM images:
FGT_VM64_HV-v7.2.2.F-build1255-FORTINET and FGT_VM64_HV-v7.2.3.F-build1262-FORTINET
Note: the VM image on free trial is very limited in terms of supported encryption, so I had to run nuclei in a Debian 9 VM, because no modern OS supports such weak ciphers.
I’ve validated this template locally?
On version 7.2.2:
$ nuclei -u https://192.168.50.105:4443 -code -t CVE-2022-42475.yaml -debug
log: v7.2.2.txt
Version 7.2.3:
$ nuclei -u https://192.168.50.112:8443 -code -t CVE-2022-42475.yaml -debug
log: v7.2.3.txt
/claim #10897
pszyszkowski
@pszyszkowski
ProjectDiscovery
@projectdiscovery
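
Added example, not part of the PR or the template: a Python check that a reverse proxy or log-review script could apply to request heads, flagging Content-Length values like the 4294967297 used above, which is 2^32 + 1 and so wraps to 1 in a 32-bit integer. The function name, the 10 MiB limit and the sample requests are constructed assumptions.

```python
import re

MAX_BODY = 10 * 1024 * 1024  # assumed policy limit (10 MiB), not from the PR


def content_length_verdict(raw_head: bytes, max_body: int = MAX_BODY) -> str:
    """Classify the Content-Length header(s) of one raw HTTP request head."""
    # Drop the request line, keep only the header lines before the blank line.
    lines = raw_head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]
    values = []
    for line in lines:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            values.append(value.strip())
    if not values:
        return "absent"
    if len(set(values)) > 1:
        return "reject: conflicting Content-Length headers"
    v = values[0]
    # Digits only: no sign, no hex, no whitespace tricks, no absurd lengths.
    if not re.fullmatch(rb"[0-9]{1,19}", v):
        return "reject: not a plain decimal length"
    n = int(v)
    if n > 0xFFFFFFFF:
        # Show what a 32-bit consumer of this header would end up with.
        return f"reject: exceeds 32 bits (wraps to {n & 0xFFFFFFFF})"
    if n > max_body:
        return "reject: larger than policy limit"
    return "ok"


# Constructed sample request heads (placeholder path and host).
SAMPLES = {
    "probe": b"POST /placeholder HTTP/1.1\r\nHost: vpn.example\r\n"
             b"Content-Length: 4294967297\r\n\r\n",
    "normal": b"POST /placeholder HTTP/1.1\r\nHost: vpn.example\r\n"
              b"Content-Length: 27\r\n\r\n",
    "conflict": b"POST /placeholder HTTP/1.1\r\nContent-Length: 5\r\n"
                b"Content-Length: 6\r\n\r\n",
    "signed": b"POST /placeholder HTTP/1.1\r\nContent-Length: -1\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(f"{label:8s} -> {content_length_verdict(head)}")
```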