{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-45861","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2022-11-23T14:57:05.613Z","datePublished":"2023-03-07T16:21:49.923Z","dateUpdated":"2024-10-22T20:48:10.646Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.3","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.9","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.11","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.13","status":"affected"}]},{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.1","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.7","status":"affected"},{"versionType":"semver","version":"2.0.0","lessThanOrEqual":"2.0.11","status":"affected"},{"versionType":"semver","version":"1.2.0","lessThanOrEqual":"1.2.13","status":"affected"},{"versionType":"semver","version":"1.1.5","lessThanOrEqual":"1.1.6","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-03-07T16:21:49.923Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-824","description":"Denial of service","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.4,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:X/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.12 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to FortiProxy version 2.0.12 or above"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-477","url":"https://fortiguard.com/psirt/FG-IR-22-477"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T14:24:02.823Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-477","url":"https://fortiguard.com/psirt/FG-IR-22-477","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-22T20:18:22.883912Z","id":"CVE-2022-45861","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T20:48:10.646Z"}}]}}