=====================================================================
                            CERT-Renater

                 Information Note No. 2022/VULN366
_____________________________________________________________________

DATE                 : 10/10/2022

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running FortiOS versions prior to 7.2.2,
                       7.0.7, 6.4.10, 6.2.11, FortiProxy versions prior
                       to 7.2.1, 7.0.7, 2.0.10.

=====================================================================
https://www.fortiguard.com/psirt/FG-IR-22-086
_____________________________________________________________________

IR Number          FG-IR-22-086
Date               Oct 10, 2022
Severity           High
CVSSv3 Score       7.3
Impact             Denial of service
CVE ID             CVE-2022-29055
Affected Products  FortiOS : 7.2.0, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1,
                   7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4,
                   6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7,
                   6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1,
                   6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4,
                   6.0.3, 6.0.2, 6.0.15, 6.0.14, 6.0.13, 6.0.12,
                   6.0.11, 6.0.10, 6.0.1, 6.0.0
                   FortiProxy : 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0,
                   2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3,
                   2.0.2, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6,
                   1.2.13, 1.2.12, 1.2.11, 1.2.10

FortiOS / FortiProxy - Access to NULL pointer in SSL VPN portal

Summary

An access of uninitialized pointer vulnerability [CWE-824] in the SSL
VPN portal of FortiOS & FortiProxy may allow a remote unauthenticated
or authenticated (see Affected Products section) attacker to crash the
sslvpn daemon via an HTTP GET request.

Affected Products

No need to be authenticated to provoke a crash:

FortiOS version 6.4.4 through 6.4.9
FortiOS version 7.0.0 through 7.0.5
FortiOS version 7.2.0
FortiProxy version 7.0.0 through 7.0.4

Need to be authenticated to provoke a crash:

FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.3
FortiProxy version 1.2.6 through 1.2.13
FortiProxy version 2.0.0 through 2.0.9

Solutions

Upgrade FortiOS to version 7.2.2 and above,
Upgrade FortiOS to version 7.0.7 and above,
Upgrade FortiOS to version 6.4.10 and above,
Upgrade FortiOS to version 6.2.11 and above.
Upgrade FortiProxy to version 7.2.1 and above,
Upgrade FortiProxy to version 7.0.7 and above,
Upgrade FortiProxy to version 2.0.10 and above.

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================
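
Added example (not part of the CERT-Renater or Fortinet text): a triage script that sorts a device inventory by the advisory's two exposure classes, using the version ranges and fixed releases listed above. The host names and inventory are constructed, and reading "version X and above" per release branch is an assumption; versions the advisory does not place in either range (for example FortiOS 7.0.6) are flagged for review rather than guessed.

```python
"""Classify FortiOS / FortiProxy versions against FG-IR-22-086 (CVE-2022-29055)."""

# Inclusive ranges from the advisory's "Affected Products" section.
UNAUTH = {"FortiOS": [("6.4.4", "6.4.9"), ("7.0.0", "7.0.5"), ("7.2.0", "7.2.0")],
          "FortiProxy": [("7.0.0", "7.0.4")]}
AUTH = {"FortiOS": [("6.0.0", "6.0.14"), ("6.2.0", "6.2.10"), ("6.4.0", "6.4.3")],
        "FortiProxy": [("1.2.6", "1.2.13"), ("2.0.0", "2.0.9")]}
# First fixed release per branch, from the "Solutions" section.
FIXED = {"FortiOS": ["6.2.11", "6.4.10", "7.0.7", "7.2.2"],
         "FortiProxy": ["2.0.10", "7.0.7", "7.2.1"]}
ORDER = ["unauthenticated", "authenticated", "review", "fixed"]

def ver(s):
    """'6.2.10' -> (6, 2, 10), so 6.2.10 sorts after 6.2.9 (string compare would not)."""
    return tuple(int(p) for p in s.strip().lstrip("vV").split("."))

def upgrade_target(product, v):
    """Fixed release in the same branch, else the lowest fixed release above v."""
    fixes = sorted(ver(f) for f in FIXED[product])
    pick = [f for f in fixes if f[:2] == v[:2]] or [f for f in fixes if f > v]
    return ".".join(map(str, pick[0])) if pick else None

def classify(product, version):
    """Return (status, upgrade_target) for one device."""
    v = ver(version)
    for status, table in (("unauthenticated", UNAUTH), ("authenticated", AUTH)):
        if any(ver(lo) <= v <= ver(hi) for lo, hi in table[product]):
            return status, upgrade_target(product, v)
    # Assumption: "version X and above" is read per release branch (major.minor).
    if any(f[:2] == v[:2] and v >= f for f in map(ver, FIXED[product])):
        return "fixed", None
    # Not in any listed range and not at a fixed release (e.g. FortiOS 7.0.6):
    # the advisory does not say, so flag for manual review.
    return "review", upgrade_target(product, v)

def triage(inventory):
    """Sort (host, product, version) rows so pre-auth exposure comes first."""
    rows = [(h, p, ver_, *classify(p, ver_)) for h, p, ver_ in inventory]
    return sorted(rows, key=lambda r: ORDER.index(r[3]))

# Constructed inventory; host names are hypothetical.
INVENTORY = [("fw-lab-01", "FortiOS", "6.2.10"), ("fw-edge-01", "FortiOS", "7.0.5"),
             ("px-dmz-01", "FortiProxy", "1.2.13"), ("fw-edge-02", "FortiOS", "7.2.2"),
             ("fw-br-03", "FortiOS", "7.0.6")]

if __name__ == "__main__":
    for host, product, version, status, target in triage(INVENTORY):
        print(f"{host:10} {product:10} {version:8} {status:15} -> {target or '-'}")
```

FortiOS 6.0.15 appears in the advisory's header list but falls outside the "6.0.0 through 6.0.14" range, so the script reports it as "review".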