Uninitialized Pointer Vulnerability in Fortinet FortiOS and FortiProxy

Uninitialized Pointer Vulnerability in Fortinet FortiOS and FortiProxy

CVE-2022-45861 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

Learn more about our Cis Benchmark Audit For Apple Ios.