Vulnerability Database

316,080

Total vulnerabilities in the database

CVE-2022-45861

An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

Published: Mar 7, 2023
Updated: Nov 16, 2025
CVE: CVE-2022-45861
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-824

Affected Software
References

Software	From	Fixed in
fortinet / fortiproxy	1.2.0	1.2.13.x
fortinet / fortiproxy	7.2.0	7.2.0.x
fortinet / fortiproxy	7.0.0	7.0.7.x
fortinet / fortiproxy	2.0.0	2.0.11.x
fortinet / fortios	6.4.0	6.4.11.x
fortinet / fortiproxy	7.2.1	7.2.1.x
fortinet / fortios	7.2.0	7.2.3.x
fortinet / fortios	6.2.0	6.2.13.x
fortinet / fortios	7.0.0	7.0.9.x
fortinet / fortiproxy	1.1.5	1.1.5.x
fortinet / fortiproxy	1.1.6	1.1.6.x

https://fortiguard.com/psirt/FG-IR-22-477

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo