Multiple Vulnerabilities in Fortinet FortiOS and FortiProxy SSL VPN
CVE-2023-37930

6.7MEDIUM

Key Information:

Vendor
Fortinet
Status
FortiOS
Fortiproxy
Vendor
CVE Published:
8 April 2025

Summary

Fortinet products, specifically FortiOS and FortiProxy in certain SSL VPN configurations, are affected by multiple vulnerabilities that involve the use of uninitialized resources and excessive iterations. This may allow a VPN user to exploit the system through specially crafted requests, potentially leading to memory corruption and unauthorized execution of code or commands.

Affected Version(s)

FortiOS 7.4.0

FortiOS 7.2.0 <= 7.2.5

FortiOS 7.0.1 <= 7.0.11

References

https://fortiguard.com/psirt/FG-IR-23-165

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-37930 : Multiple Vulnerabilities in Fortinet FortiOS and FortiProxy SSL VPN | SecurityVulnerability.io