CVE-2022-45861
6.5MEDIUMAn access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7
Опубликовано: 3/7/2023Обновлено: 11/21/2024
Описание
An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.
ИИ-АнализНа базе ИИ
Затронутые продукты
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
1.1.5
fortinetfortiproxy
1.1.6
fortinetfortiproxy
7.2.0
fortinetfortiproxy
7.2.1
fortinetfortios
fortinetfortios
fortinetfortios
fortinetfortios
Ссылки
- https://fortiguard.com/psirt/FG-IR-22-477Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-22-477Vendor Advisory