M247 Security Alert – Fortinet Vulnerability CVE-2022-42475 - Major Issue
M247 have been made aware and are currently investigating the Fortinet CVE-2022-42475 Published on 13/12/2022. This is a critical Vulnerability scoring 9.3 CVSS and is actively being exploited.
This is linked to Fortinet products using the following:
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14
Further Information Can be found at the following URL: https://fortiguard.fortinet.com/psirt/FG-IR-22-398
M247 Customers are recommended to look out for issues with SSL or devices rebooting as a minimum.
Remediation: Working with Fortinet we have found that the devices these versions are active on will need to be patched urgently.
Please upgrade to FortiOS version 7.2.3 or above
Please upgrade to FortiOS version 7.0.9 or above
Please upgrade to FortiOS version 6.4.11 or above
Please upgrade to FortiOS version 6.2.12 or above
Please upgrade to FortiOS-6K7K version 7.0.8 or above
Please upgrade to FortiOS-6K7K version 6.4.10 or above
Please upgrade to FortiOS-6K7K version 6.2.12 or above
Please upgrade to FortiOS-6K7K version 6.0.15 or above
As a result, M247 customers should be aware our team will start patching devices between 6pm and 10pm until further notice, should you have any objection please let M247 support know. Our M247 Support Team will be in contact as soon as possible to remediate this matter.
We want you to know that we take this issue very seriously. Please accept our sincere apologies for any inconvenience this may cause.
If you have any queries, please contact M247 support on 0161 822 2580 (opt 1, opt 1).
Regards
M247 Support