CVE-2023-41675

A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.

Published: Oct 10, 2023
Updated: Oct 14, 2023
CVE: CVE-2023-41675
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
fortinet / fortiproxy	7.2.0	7.2.0.x
fortinet / fortiproxy	7.2.1	7.2.1.x
fortinet / fortiproxy	7.0.0	7.0.8.x
fortinet / fortios	7.2.0	7.2.4.x
fortinet / fortiproxy	7.2.2	7.2.2.x
fortinet / fortios	7.0.0	7.0.10.x

https://fortiguard.com/psirt/FG-IR-23-184

Vulnerability Database

289,784

CVE-2023-41675