PT-2025-15424 · Fortinet · FortiProxy +1

Published: 2025-04-08 · Updated: 2025-07-23 · CVE-2023-37930

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiOS versions 6.4.7 through 6.4.14
Fortinet FortiOS versions 7.0.1 through 7.0.11
Fortinet FortiOS version 7.4.0
Fortinet FortiProxy versions 7.0.0 through 7.0.12
Fortinet FortiProxy versions 7.2.0 through 7.2.6

Description

The vulnerability involves the use of uninitialized resources [CWE-908] and excessive iteration [CWE-834]. A VPN user can potentially corrupt memory through specially crafted requests, which may lead to code or command execution.

Recommendations

Fortinet FortiOS versions prior to 6.4.7 should be updated.
Fortinet FortiOS versions prior to 7.0.1 should be updated.
Fortinet FortiOS version 7.4.0 should be updated.
Fortinet FortiProxy versions prior to 7.0.0 should be updated.
Fortinet FortiProxy versions prior to 7.2.0 should be updated.

Fix

RCE

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

BDU:2025-07600
CVE-2023-37930

Affected Products

FortiOS
FortiProxy