vulnerability

Fortinet FortiOS: Access of Uninitialized Pointer (CVE-2022-45861)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:C)

Published

Mar 7, 2023

Added

Mar 16, 2023

Modified

May 28, 2026

Description

An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

Solution

fortios-upgrade-latest

References

CVE-2022-45861
https://attackerkb.com/topics/CVE-2022-45861
CWE-824
EUVD-EUVD-2022-48714
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-48714
https://fortiguard.com/psirt/FG-IR-22-477

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report