Null Pointer Dereference in FortiOS Affects Multiple Versions by Fortinet
CVE-2023-42786

6.5MEDIUM

Key Information:

Vendor: Fortinet
Status: FortiOS
Vendor: CVE Published:; 14 January 2025

What is CVE-2023-42786?

A null pointer dereference vulnerability in FortiOS allows an attacker to exploit the flaw through a specially crafted HTTP request. This may result in a denial of service condition, impacting the availability and performance of the FortiOS devices running the affected software versions. It is essential for users to update their systems to mitigate this risk and ensure continued security.

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-293

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025

JSON