CVE-2023-41675 — Use After Free in Fortinet Fortios

CWE-416 — Use After Free4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.4%

top 39.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy

Timeline

PublishedOct 10

Description

A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5fortinet/fortiproxy7.2.0 — 7.2.2+1

▶NVDfortinet/fortiproxy7.0.0 — 7.0.8+3

▶CVEListV5fortinet/fortios7.2.0 — 7.2.4+1

▶NVDfortinet/fortios7.0.0 — 7.0.10+1

🔴Vulnerability Details

GHSA

GHSA-p4r9-85jf-w9fm: A use after free vulnerability [CWE-416] in FortiOS version 7↗2023-10-10

▶

CVEList

CVE-2023-41675: A use after free vulnerability [CWE-416] in FortiOS version 7↗2023-10-10

▶

📋Vendor Advisories

Fortinet

Webproxy process denial of service↗2023-10-10

▶