CVE-2022-45861

Name of the Vulnerable Software and Affected Versions FortiOS versions 6.4.11 and earlier, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 FortiProxy versions 2.0.11 and earlier, 7.0.0 through 7.0.7, 7.2.0 through 7.2.1

Description The issue is related to an access of uninitialized pointer vulnerability in the SSL VPN portal of Fortinet FortiOS and FortiProxy. This vulnerability allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

Recommendations For FortiOS versions 6.4.11 and earlier, update to version 6.4.11 or later to resolve the issue. For FortiOS versions 7.0.0 through 7.0.9, update to a version later than 7.0.9 to resolve the issue. For FortiOS versions 7.2.0 through 7.2.3, update to a version later than 7.2.3 to resolve the issue. For FortiProxy versions 2.0.11 and earlier, update to version 2.0.11 or later to resolve the issue. For FortiProxy versions 7.0.0 through 7.0.7, update to a version later than 7.0.7 to resolve the issue. For FortiProxy versions 7.2.0 through 7.2.1, update to a version later than 7.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the SSL VPN portal to minimize the risk of exploitation.