CVE-2023-29180

Summary

A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.2.0 <= 7.2.4affected
FortinetFortiOS7.0.0 <= 7.0.11affected
FortinetFortiOS6.4.0 <= 6.4.12affected
FortinetFortiOS6.2.0 <= 6.2.14affected
FortinetFortiOS6.0.0 <= 6.0.16affected
FortinetFortiProxy7.2.0 <= 7.2.3affected
FortinetFortiProxy7.0.0 <= 7.0.10affected
FortinetFortiProxy2.0.0 <= 2.0.12affected
FortinetFortiProxy1.2.0 <= 1.2.13affected
FortinetFortiProxy1.1.0 <= 1.1.6affected
FortinetFortiProxy1.0.0 <= 1.0.7affected

Weaknesses

  • CWE-476: Denial of service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References