Headline
CVE-2022-29055: Fortiguard
An access of uninitialized pointer vulnerability in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, and FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request.
PSIRT Advisories
FortiOS / FortiProxy - Access to NULL pointer in SSL VPN portal
Summary
An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of FortiOS & FortiProxy may allow a remote unauthenticated or authenticated (see Affected Products section) attacker to crash the sslvpn daemon via an HTTP GET request.
Affected Products
No need to be authenticated to provoke a crash:
FortiOS version 6.4.4 through 6.4.9
FortiOS version 7.0.0 through 7.0.5
FortiOS version 7.2.0
FortiProxy version 7.0.0 through 7.0.4
Need to be authenticated to provoke a crash:
FortiOS 6.0 all versions
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.3
FortiProxy version 1.2.6 through 1.2.13
FortiProxy version 2.0.0 through 2.0.9
Solutions
Upgrade FortiOS to version 7.2.2 or above
Upgrade FortiOS to version 7.0.7 or above
Upgrade FortiOS to version 6.4.10 or above
Upgrade FortiOS to version 6.2.11 or above
Upgrade FortiProxy to version 7.2.1 or above
Upgrade FortiProxy to version 7.0.7 or above
Upgrade FortiProxy to version 2.0.10 or above
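As an added triage example (not Fortinet's code and not part of the advisory), the following Python encodes the Affected Products and Solutions lists above so that an inventory of FortiOS / FortiProxy builds can be checked against them; the product names and version strings are taken from the advisory, while the function and table names are my own. The "6.0 all versions" entry is modelled as a whole-branch match, and branches with no listed fix (FortiOS 6.0, FortiProxy 1.2) report no fix version.

```python
# Added example: map a FortiOS / FortiProxy version onto the advisory's ranges.
from typing import Optional, Tuple

def parse_version(v: str) -> Tuple[int, ...]:
    """'7.0.5' -> (7, 0, 5); '6.0' -> (6, 0). Non-numeric input raises ValueError."""
    return tuple(int(p) for p in v.strip().split("."))

# (product, low, high, authentication needed to trigger) from Affected Products.
# high=None means every build of that branch ("FortiOS 6.0 all versions").
AFFECTED = [
    ("FortiOS",    "6.4.4", "6.4.9",  False),
    ("FortiOS",    "7.0.0", "7.0.5",  False),
    ("FortiOS",    "7.2.0", "7.2.0",  False),
    ("FortiProxy", "7.0.0", "7.0.4",  False),
    ("FortiOS",    "6.0",   None,     True),
    ("FortiOS",    "6.2.0", "6.2.10", True),
    ("FortiOS",    "6.4.0", "6.4.3",  True),
    ("FortiProxy", "1.2.6", "1.2.13", True),
    ("FortiProxy", "2.0.0", "2.0.9",  True),
]

# Minimum fixed release per (product, branch), from the Solutions section.
FIXED = {
    ("FortiOS", (7, 2)): "7.2.2",
    ("FortiOS", (7, 0)): "7.0.7",
    ("FortiOS", (6, 4)): "6.4.10",
    ("FortiOS", (6, 2)): "6.2.11",
    ("FortiProxy", (7, 2)): "7.2.1",
    ("FortiProxy", (7, 0)): "7.0.7",
    ("FortiProxy", (2, 0)): "2.0.10",
}

def assess(product: str, version: str) -> Optional[dict]:
    """None if the version is outside every affected range; otherwise a dict
    saying whether an authenticated session is needed to trigger the crash and
    the minimum fixed release for that branch (None if the advisory lists none)."""
    ver = parse_version(version)
    for prod, low, high, needs_auth in AFFECTED:
        if prod != product:
            continue
        lo = parse_version(low)
        if high is None:
            hit = ver[:len(lo)] == lo          # whole branch is affected
        else:
            hit = lo <= ver <= parse_version(high)   # tuple comparison
        if hit:
            return {"authenticated_only": needs_auth,
                    "fix": FIXED.get((product, ver[:2]))}
    return None
```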