ghsa-whjf-x8mc-6gr3
Vulnerability from github
Published
2023-03-07 18:30
Modified
2023-03-14 21:30
Severity
Details
An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.
{ "affected": [], "aliases": [ "CVE-2022-45861" ], "database_specific": { "cwe_ids": [ "CWE-824" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-07T17:15:00Z", "severity": "MODERATE" }, "details": "An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.", "id": "GHSA-whjf-x8mc-6gr3", "modified": "2023-03-14T21:30:21Z", "published": "2023-03-07T18:30:39Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45861" }, { "type": "WEB", "url": "https://fortiguard.com/psirt/FG-IR-22-477" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
Loading...