CVE-2023-29178Access of Uninitialized Pointer in Fortinet Fortios

CWE-824Access of Uninitialized Pointer4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 58.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiosFortinet Fortiproxy
Timeline
PublishedJun 13

Description

A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5fortinet/fortios7.2.07.2.4+4
NVDfortinet/fortios6.0.06.0.17+4
CVEListV5fortinet/fortiproxy7.2.07.2.3+4
NVDfortinet/fortiproxy1.1.01.1.6+7

🔴Vulnerability Details

2
CVEList
CVE-2023-29178: A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 72023-06-13
GHSA
GHSA-qpph-3p23-86wr: A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 72023-06-13

📋Vendor Advisories

1
Fortinet
Access of uninitialized pointer in administrative interface API2023-06-13
CVE-2023-29178 — Access of Uninitialized Pointer | cvebase