CVE-2022-29055

2022-10-1815:15:09

CWE-824

[email protected]

web.nvd.nist.gov

cve-2022-29055

fortinet

fortios

fortiproxy

uninitialized pointer access

remote attack

sslvpn

http get

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

38.3%

JSON

A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

Affected configurations

NVD

Node

fortinetfortiproxyRange1.2.6–1.2.13

fortinetfortiproxyRange2.0.0–2.0.10

fortinetfortiproxyRange7.0.0–7.0.7

fortinetfortiproxyMatch7.2.0

fortinetfortiosRange6.2.0–6.2.11

fortinetfortiosRange6.4.0–6.4.10

fortinetfortiosRange7.0.0–7.0.7

fortinetfortiosMatch7.2.0

CPENameOperatorVersion
fortinet:fortiproxyfortinet fortiproxylt1.2.13
fortinet:fortiproxyfortinet fortiproxylt2.0.10
fortinet:fortiproxyfortinet fortiproxylt7.0.7
fortinet:fortiproxyfortinet fortiproxyeq7.2.0
fortinet:fortiosfortinet fortioslt6.2.11
fortinet:fortiosfortinet fortioslt6.4.10
fortinet:fortiosfortinet fortioslt7.0.7
fortinet:fortiosfortinet fortioseq7.2.0

CPE	Name	Operator	Version
fortinet:fortiproxy	fortinet fortiproxy	lt	1.2.13
fortinet:fortiproxy	fortinet fortiproxy	lt	2.0.10
fortinet:fortiproxy	fortinet fortiproxy	lt	7.0.7
fortinet:fortiproxy	fortinet fortiproxy	eq	7.2.0
fortinet:fortios	fortinet fortios	lt	6.2.11
fortinet:fortios	fortinet fortios	lt	6.4.10
fortinet:fortios	fortinet fortios	lt	7.0.7
fortinet:fortios	fortinet fortios	eq	7.2.0

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "Fortinet FortiOS, FortiProxy",
    "versions": [
      {
        "version": "FortiOS 7.2.0, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0; FortiProxy 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.9, 1.2.8, 1.2.7, 1.2.6",
        "status": "affected"
      }
    ]
  }
]