First published: Tue Mar 07 2023
An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiProxy | >=1.2.0<=1.2.13 | |
Fortinet FortiProxy | >=2.0.0<=2.0.11 | |
Fortinet FortiProxy | >=7.0.0<=7.0.7 | |
Fortinet FortiProxy | =1.1.5 | |
Fortinet FortiProxy | =1.1.6 | |
Fortinet FortiProxy | =7.2.0 | |
Fortinet FortiProxy | =7.2.1 | |
Fortinet FortiOS | >=6.2.0<=6.2.13 | |
Fortinet FortiOS | >=6.4.0<=6.4.11 | |
Fortinet FortiOS | >=7.0.0<=7.0.9 | |
Fortinet FortiOS | >=7.2.0<=7.2.3 | |

- Please upgrade to FortiOS version 7.2.4 or above
- Please upgrade to FortiOS version 7.0.10 or above
- Please upgrade to FortiOS version 6.4.12 or above
- Please upgrade to FortiProxy version 7.2.2 or above
- Please upgrade to FortiProxy version 7.0.8 or above
- Please upgrade to FortiProxy version 2.0.12 or above
CVE-2022-45861 is an access of uninitialized pointer vulnerability in the SSL VPN portal of Fortinet FortiOS and FortiProxy.
CVE-2022-45861 has a severity level of 6.5 (medium).
Fortinet FortiOS versions 6.4.0 through 6.4.11, 7.0.0 through 7.0.9, and 7.2.0 through 7.2.3, as well as FortiProxy versions 2.0.0 through 2.0.11, 7.0.0 through 7.0.7, and 7.2.0 through 7.2.1 are affected by CVE-2022-45861.
CVE-2022-45861 can be exploited by a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request on affected versions of Fortinet FortiOS and FortiProxy.
To fix CVE-2022-45861, it is recommended to update Fortinet FortiOS and FortiProxy to the latest available versions provided by Fortinet.