CVE-2022-45861
Summary
| CVE | CVE-2022-45861 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-07 17:15:00 UTC |
| Updated | 2023-11-07 03:54:00 UTC |
| Description | An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request. |
Risk And Classification
Problem Types: CWE-824
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fortinet | Fortios | All | All | All | All |
| Operating System | Fortinet | Fortios | All | All | All | All |
| Operating System | Fortinet | Fortios | All | All | All | All |
| Operating System | Fortinet | Fortios | All | All | All | All |
| Application | Fortinet | Fortiproxy | 1.1.5 | All | All | All |
| Application | Fortinet | Fortiproxy | 1.1.6 | All | All | All |
| Application | Fortinet | Fortiproxy | 7.2.0 | All | All | All |
| Application | Fortinet | Fortiproxy | 7.2.1 | All | All | All |
| Application | Fortinet | Fortiproxy | All | All | All | All |
| Application | Fortinet | Fortiproxy | All | All | All | All |
| Application | Fortinet | Fortiproxy | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| PSIRT Advisories | FortiGuard | MISC | fortiguard.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 43993 Fortinet FortiOS Denial of Service (DoS) Vulnerability (FG-IR-22-477)