CVE-2023-41675

4.8MEDIUM

Key Information:

Vendor: Fortinet
Status: FortiOS; Fortiproxy
Vendor: CVE Published:; 10 October 2023

Summary

A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.

Affected Version(s)

FortiOS 7.2.0 <= 7.2.4

FortiOS 7.0.0 <= 7.0.10

FortiProxy 7.2.0 <= 7.2.2

References

https://fortiguard.com/psirt/FG-IR-23-184

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Aug 30, 2023