Multiple vulnerabilities in Fortinet FortiOS
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2023-29180 CVE-2023-29181 CVE-2023-29179 |
| CWE-ID | CWE-476 CWE-134 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
FortiOS Operating systems & Components / Operating system |
| Vendor | Fortinet, Inc |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU77178
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29180
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote non-authenticated attacker can send a specially crafted HTTP request to the /proxy endpoint and crash the SSL-VPN daemon.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortiOS: 6.0.0 - 7.2.4
External linkshttp://fortiguard.fortinet.com/psirt/FG-IR-23-111
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Format string error
EUVDB-ID: #VU77177
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29181
CWE-ID:
CWE-134 - Use of Externally-Controlled Format String
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a format string error in the Fclicense daemon. A remote user can send specially crafted requests to the daemon that contains format string specifiers and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortiOS: 4.1.1 - 7.2.4
External linkshttp://fortiguard.fortinet.com/psirt/FG-IR-23-119
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU77176
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29179
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote user can send a specially crafted HTTP request to the /proxy endpoint and crash the SSL-VPN daemon.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortiOS: 6.4.0 - 7.2.4
External linkshttp://fortiguard.fortinet.com/psirt/FG-IR-23-125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
