Lucene search

FortinetCVE-2023-29178

HistoryJun 13, 2023 - 9:15 a.m.

CVE-2023-29178

2023-06-1309:15:17

CWE-824

fortinet

web.nvd.nist.gov

cve-2023-29178

cwe-824

fortinet

fortiproxy

fortios

vulnerability

security

nvd

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

17.2%

JSON

A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.

Affected configurations

Nvd

Node

fortinetfortiproxyRange1.1.0–1.1.6

fortinetfortiproxyRange1.2.0–1.2.13

fortinetfortiproxyRange2.0.0–2.0.12

fortinetfortiproxyRange7.0.0–7.0.9

fortinetfortiproxyMatch7.2.0

fortinetfortiproxyMatch7.2.1

fortinetfortiproxyMatch7.2.2

fortinetfortiproxyMatch7.2.3

fortinetfortiosRange6.0.0–6.0.17

fortinetfortiosRange6.2.0–6.2.15

fortinetfortiosRange6.4.0–6.4.13

fortinetfortiosRange7.0.0–7.0.11

fortinetfortiosRange7.2.0–7.2.4

VendorProductVersionCPE
fortinetfortiproxy*cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
fortinetfortiproxy7.2.0cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
fortinetfortiproxy7.2.1cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
fortinetfortiproxy7.2.2cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
fortinetfortiproxy7.2.3cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
fortinetfortios*cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortiproxy	*	cpe:2.3:a:fortinet:fortiproxy::::::::
fortinet	fortiproxy	7.2.0	cpe:2.3:a:fortinet:fortiproxy:7.2.0:::::::*
fortinet	fortiproxy	7.2.1	cpe:2.3:a:fortinet:fortiproxy:7.2.1:::::::*
fortinet	fortiproxy	7.2.2	cpe:2.3:a:fortinet:fortiproxy:7.2.2:::::::*
fortinet	fortiproxy	7.2.3	cpe:2.3:a:fortinet:fortiproxy:7.2.3:::::::*
fortinet	fortios	*	cpe:2.3:o:fortinet:fortios::::::::

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiProxy",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.3",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.9",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "2.0.0",
        "lessThanOrEqual": "2.0.12",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "1.2.0",
        "lessThanOrEqual": "1.2.13",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "1.1.0",
        "lessThanOrEqual": "1.1.6",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Fortinet",
    "product": "FortiOS",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.11",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.13",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.2.0",
        "lessThanOrEqual": "6.2.15",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.0.0",
        "lessThanOrEqual": "6.0.17",
        "status": "affected"
      }
    ]
  }
]