Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer

Like many other researchers we recently dived into the new FortiGate SSLVPN vulnerability (CVE-2022-42475) which consists of a heap overflow vulnerability in the SSLVPN service.

We quickly jumped on it to see if we could find a method to accurately fingerprint the versions of the devices connected to the internet that are running the SSLVPN service. Luckily we have some volunteers that were able to quickly grab images of the vulnerable version, as well as the patched version so we could do some differential checks and maybe catch some low hanging fruit that would reveal the specific version of the device. Dissecting FortiGate Images for fun and non-profit