CVE-2023-29180 — NULL Pointer Dereference in Fortinet Fortios

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 35.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy

Timeline

PublishedFeb 22

Description

A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDfortinet/fortios6.0.0 — 6.0.17+4

▶NVDfortinet/fortiproxy2.0.0 — 2.0.13+5

▶CVEListV5fortinet/fortios7.2.0 — 7.2.4+4

▶CVEListV5fortinet/fortiproxy7.2.0 — 7.2.3+5

🔴Vulnerability Details

CVEList

CVE-2023-29180: A null pointer dereference in Fortinet FortiOS version 7↗2024-02-22

▶

GHSA

GHSA-wcp3-6xhg-h726: A null pointer dereference in Fortinet FortiOS version 7↗2024-02-22

▶

📋Vendor Advisories

Fortinet

Null pointer dereference in sslvnd↗2024-02-22

▶