7.5 CVE-2023-37930

 

Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities in Fortinet FortiOS SSL VPN webmode version 7.4.0, version 7.2.0 through 7.2.5, version 7.0.1 through 7.0.11 and version 6.4.7 through 6.4.14 and Fortinet FortiProxy SSL VPN webmode version 7.2.0 through 7.2.6 and version 7.0.0 through 7.0.12 allows a VPN user to corrupt memory potentially leading to code or commands execution via specifically crafted requests.
https://nvd.nist.gov/vuln/detail/CVE-2023-37930

Categories

CWE-908 : Use of Uninitialized Resource
When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.

References

psirt@fortinet.com


 

CPE

cpe start end
Configuration 1
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* >= 6.4.7 < 6.4.15
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* >= 7.0.1 < 7.0.13
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* >= 7.2.0 < 7.2.6
cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* >= 7.0.0 < 7.0.13
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* >= 7.2.0 < 7.2.7

REMEDIATION


EXPLOITS

Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id description severity
No entry