VYPR
Unrated severityNVD Advisory· Published Mar 7, 2023· Updated Oct 22, 2024

CVE-2022-45861

CVE-2022-45861

Description

An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

Affected products

4
  • Fortinet/Fortiproxyllm-fuzzy2 versions
    <=2.0.11, 7.0.0-7.0.7, 7.2.0-7.2.1+ 1 more
    • (no CPE)range: <=2.0.11, 7.0.0-7.0.7, 7.2.0-7.2.1
    • (no CPE)range: 7.2.0
  • Fortinet/Fortiosllm-fuzzy2 versions
    <=6.4.11, 7.0.0-7.0.9, 7.2.0-7.2.3+ 1 more
    • (no CPE)range: <=6.4.11, 7.0.0-7.0.9, 7.2.0-7.2.3
    • (no CPE)range: 7.2.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.