Lucene search

FortiGuard LabsFG-IR-23-184

HistoryOct 10, 2023 - 12:00 a.m.

Protect

2023-10-1000:00:00

FortiGuard Labs

www.fortiguard.com

fortios

fortiproxy

vulnerability

cwe-416

unauthenticated

remote attacker

web proxy

crash

firewall policies

ssl

deep packet inspection

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

31.4%

JSON

A use after free vulnerability [CWE-416] in FortiOS & FortiProxy may allow an unauthenticated remote attacker to crash the Web Proxy process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.

CPENameOperatorVersion
fortioseq7.2.4
fortioseq7.2.3
fortioseq7.2.2
fortioseq7.2.1
fortioseq7.2.0
fortioseq7.0.10
fortioseq7.0.9
fortioseq7.0.8
fortioseq7.0.7
fortioseq7.0.6

Name	Operator	Version
fortios	eq	7.2.4
fortios	eq	7.2.3
fortios	eq	7.2.2
fortios	eq	7.2.1
fortios	eq	7.2.0
fortios	eq	7.0.10
fortios	eq	7.0.9
fortios	eq	7.0.8
fortios	eq	7.0.7
fortios	eq	7.0.6

Rows per page:

1-10 of 281

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

31.4%

JSON

Related for FG-IR-23-184