An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.
2023-03-07T17:15:12.380
2024-11-21T07:29:51.513
Modified
CVSSv3.1: 6.5 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortiproxy | ≤ 1.2.13 | Yes |
| Application | fortinet | fortiproxy | ≤ 2.0.11 | Yes |
| Application | fortinet | fortiproxy | ≤ 7.0.7 | Yes |
| Application | fortinet | fortiproxy | 1.1.5 | Yes |
| Application | fortinet | fortiproxy | 1.1.6 | Yes |
| Application | fortinet | fortiproxy | 7.2.0 | Yes |
| Application | fortinet | fortiproxy | 7.2.1 | Yes |
| Operating System | fortinet | fortios | ≤ 6.2.13 | Yes |
| Operating System | fortinet | fortios | ≤ 6.4.11 | Yes |
| Operating System | fortinet | fortios | ≤ 7.0.9 | Yes |
| Operating System | fortinet | fortios | ≤ 7.2.3 | Yes |