A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-23-184 | Vendor Advisory |
History
13 Oct 2023, 16:32
Type | Values Removed | Values Added |
---|---|---|
First Time | Fortinet fortiproxy, Fortinet fortios, Fortinet | |
CWE | CWE-416 | |
References | (MISC) https://fortiguard.com/psirt/FG-IR-23-184 - Vendor Advisory | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 5.3 |
CPE | cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
10 Oct 2023, 17:52
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2023-10-10 17:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-41675
Mitre link : CVE-2023-41675
CVE.ORG link : CVE-2023-41675
Products Affected
fortinet
- fortios
- fortiproxy
CWE
CWE-416
Use After Free