Critical Infrastructure Sectors: Energy
An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 up to and including 7.2.3, version 7.0.0 up to and including 7.0.9 and prior to 6.4.11 and FortiProxy version 7.2.0 up to and including 7.2.1, version 7.0.0 up to and including 7.0.7 and prior to 2.0.11 allows a remote authenticated malicious user to crash the sslvpn daemon via an HTTP GET request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiproxy |
||
fortinet fortiproxy 7.2.0 |
||
fortinet fortios |
||
fortinet fortiproxy 7.2.1 |
||
fortinet fortiproxy 1.1.5 |
||
fortinet fortiproxy 1.1.6 |