CVE-2023-29178: Access of uninitialized pointer in administrative interface API
First published: Mon Jun 12 2023(Updated: )
A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiProxy | >=1.1.0<=1.1.6 | |
| Fortinet FortiProxy | >=1.2.0<=1.2.13 | |
| Fortinet FortiProxy | >=2.0.0<=2.0.12 | |
| Fortinet FortiProxy | >=7.0.0<=7.0.9 | |
| Fortinet FortiProxy | =7.2.0 | |
| Fortinet FortiProxy | =7.2.1 | |
| Fortinet FortiProxy | =7.2.2 | |
| Fortinet FortiProxy | =7.2.3 | |
| Fortinet FortiOS | >=6.0.0<=6.0.17 | |
| Fortinet FortiOS | >=6.2.0<=6.2.15 | |
| Fortinet FortiOS | >=6.4.0<=6.4.13 | |
| Fortinet FortiOS | >=7.0.0<=7.0.11 | |
| Fortinet FortiOS | >=7.2.0<=7.2.4 | |
| Fortinet FortiOS | >=7.2.0<=7.2.4 | |
| Fortinet FortiOS | >=7.0.0<=7.0.11 | |
| Fortinet FortiOS | >=6.4 | |
| Fortinet FortiOS | >=6.2 | |
| Fortinet FortiOS | >=6.0 | |
| Fortinet FortiProxy | >=7.2.0<=7.2.3 | |
| Fortinet FortiProxy | >=7.0.0<=7.0.9 | |
| Fortinet FortiProxy | >=2.0 | |
| Fortinet FortiProxy | >=1.2 | |
| Fortinet FortiProxy | >=1.1 |
Remedy
Please upgrade to FortiProxy version 7.2.4 or above Please upgrade to FortiProxy version 7.0.10 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Fortinet FortiProxy vulnerability?
The vulnerability ID of this Fortinet FortiProxy vulnerability is CVE-2023-29178.
What is the severity of CVE-2023-29178?
The severity of CVE-2023-29178 is medium with a CVSS score of 4.3.
Which software versions are affected by CVE-2023-29178?
Fortinet FortiProxy versions 7.2.0 through 7.2.3 and versions before 7.0.9, as well as FortiOS versions 7.2.0 through 7.2.4 and versions before 7.0.11 are affected by CVE-2023-29178.
What is the CWE ID of CVE-2023-29178?
The CWE ID of CVE-2023-29178 is CWE-824.
How can an attacker exploit CVE-2023-29178?
An authenticated attacker can repetitively crash the httpsd process of Fortinet FortiProxy and FortiOS by sending crafted HTTP or HTTPS requests.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- collector/fortiguard-psirt
- source/FortiGuard
- alias/CVE-2023-29178
- agent/software-canonical-lookup
- agent/references
- agent/title
- agent/severity
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/fortiguard-psirt-latest
- agent/event
- agent/trending
- vendor/fortinet
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.1.0
- version/fortinet fortiproxy/1.1.6
- version/fortinet fortiproxy/1.2.0
- version/fortinet fortiproxy/1.2.13
- version/fortinet fortiproxy/2.0.0
- version/fortinet fortiproxy/2.0.12
- version/fortinet fortiproxy/7.0.0
- version/fortinet fortiproxy/7.0.9
- version/fortinet fortiproxy/7.2.0
- version/fortinet fortiproxy/7.2.1
- version/fortinet fortiproxy/7.2.2
- version/fortinet fortiproxy/7.2.3
- canonical/fortinet fortios
- version/fortinet fortios/6.0.0
- version/fortinet fortios/6.0.17
- version/fortinet fortios/6.2.0
- version/fortinet fortios/6.2.15
- version/fortinet fortios/6.4.0
- version/fortinet fortios/6.4.13
- version/fortinet fortios/7.0.0
- version/fortinet fortios/7.0.11
- version/fortinet fortios/7.2.0
- version/fortinet fortios/7.2.4
- version/fortinet fortios/6.4
- version/fortinet fortios/6.2
- version/fortinet fortios/6.0
- version/fortinet fortiproxy/2.0
- version/fortinet fortiproxy/1.2
- version/fortinet fortiproxy/1.1