Multiple Vulnerabilities in Fortinet FortiOS and FortiProxy SSL VPN
CVE-2023-37930
6.7 MEDIUM
Summary
Fortinet FortiOS and FortiProxy, in certain SSL VPN configurations, are affected by multiple vulnerabilities involving the use of uninitialized resources and excessive iteration. A VPN user may be able to corrupt memory by sending specially crafted requests, potentially leading to execution of unauthorized code or commands.
Affected Version(s)
FortiOS 7.4.0
FortiOS 7.2.0 <= 7.2.5
FortiOS 7.0.1 <= 7.0.11
References
CVSS V3.1
Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved