CVE-2023-41675

A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |

EPSS Score percentile: Unknown

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| fortinet | fortiproxy | 7.0.0 ≤ x ≤ 7.0.8 |
| fortinet | fortiproxy | 7.2.0 |
| fortinet | fortiproxy | 7.2.1 |
| fortinet | fortiproxy | 7.2.2 |
| fortinet | fortios | 7.0.0 ≤ x ≤ 7.0.10 |
| fortinet | fortios | 7.2.0 ≤ x ≤ 7.2.4 |

x = Vulnerable software versions

Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.

| Vendor | Product | Version | Source |
|---|---|---|---|
| fortinet | fortios | 7.2.0 ≤ x ≤ 7.2.4 | ADP |
| fortinet | fortios | 7.0.0 ≤ x ≤ 7.0.10 | ADP |
| fortinet | fortiproxy | 7.2.0 ≤ x ≤ 7.2.2 | ADP |
| fortinet | fortiproxy | 7.0.0 ≤ x ≤ 7.0.8 | ADP |