CVE-2022-45861

MEDIUM

Fortinet FortiOS <6.4.11 - Use After Free

Title source: llm

Description

An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

Scores

CVSS v3 6.5
EPSS 0.0075
EPSS Percentile 73.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-824
Status published
Products (6)
fortinet/fortios 6.2.0 - 6.2.13
fortinet/fortiproxy 1.1.5
fortinet/fortiproxy 1.1.6
fortinet/fortiproxy 7.2.0
fortinet/fortiproxy 7.2.1
fortinet/fortiproxy 1.2.0 - 1.2.13
Published Mar 07, 2023
Tracked Since Feb 18, 2026