Null Pointer Dereference in FortiOS Affects Multiple Versions by Fortinet
CVE-2023-42786

6.5MEDIUM

Key Information:

Vendor: Fortinet
Status: FortiOS
Vendor: CVE Published:; 14 January 2025

Summary

A null pointer dereference vulnerability in FortiOS allows an attacker to exploit the flaw through a specially crafted HTTP request. This may result in a denial of service condition, impacting the availability and performance of the FortiOS devices running the affected software versions. It is essential for users to update their systems to mitigate this risk and ensure continued security.

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-293

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2025