CVE-2023-41675

A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-23-184	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortiproxy::::::::
	cpe:2.3:a:fortinet:fortiproxy:7.2.0:::::::*
	cpe:2.3:a:fortinet:fortiproxy:7.2.1:::::::*
	cpe:2.3:a:fortinet:fortiproxy:7.2.2:::::::*
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::

History

No history.

Information

Published : 2023-10-10 17:15

Updated : 2023-11-07 04:21

NVD link : CVE-2023-41675

Mitre link : CVE-2023-41675

CVE.ORG link : CVE-2023-41675

JSON object : View

Products Affected

fortinet

fortiproxy
fortios

CWE

CWE-416

Use After Free

{"id": "CVE-2023-41675", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-10-10T17:15:12.620", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-184", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection."}, {"lang": "es", "value": "Una vulnerabilidad de use-after-free [CWE-416] en FortiOS versi\u00f3n 7.2.0 a 7.2.4 y versi\u00f3n 7.0.0 a 7.0.10 y FortiProxy versi\u00f3n 7.2.0 a 7.2.2 y versi\u00f3n 7.0.0 a 7.0.8 puede permitir un atacante remoto no autenticado bloquee el proceso WAD a trav\u00e9s de m\u00faltiples paquetes manipulados que alcanzan pol\u00edticas de proxy o pol\u00edticas de firewall con modo proxy junto con una inspecci\u00f3n profunda de paquetes SSL."}], "lastModified": "2023-11-07T04:21:04.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C83139FA-7195-4171-8BC6-CC4F9379C7C9", "versionEndIncluding": "7.0.8", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5F302F8-482A-4DA9-BDD9-63886B202B52"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91E7F209-D645-48EC-BB5F-E730E55E8EE9"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7028AFDA-6CB5-4DB0-8977-9BA995DE14C0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BB39159-5B36-415A-A57E-AFAFD7B848CF", "versionEndIncluding": "7.0.10", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AB643A8-B52F-4D54-B816-28A6401BAA25", "versionEndIncluding": "7.2.4", "versionStartIncluding": "7.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}