Rapid7

vulnerability

Fortinet FortiOS: Access of Uninitialized Pointer (CVE-2022-45861)

Severity
7
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published
Mar 7, 2023
Added
Mar 16, 2023
Modified
May 28, 2026

Description

An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

Solution

fortios-upgrade-latest
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.