Details of VAR-202210-0421

ID

VAR-202210-0421

CVE

CVE-2022-29055

TITLE

fortinet's FortiProxy and FortiOS Vulnerability in accessing uninitialized pointers in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019255

DESCRIPTION

A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request. fortinet's FortiProxy and FortiOS Exists in an uninitialized pointer access vulnerability.Service operation interruption (DoS) It may be in a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. There is a security vulnerability in Fortinet FortiOS. The vulnerability stems from the fact that an attacker can forcibly dereference a NULL pointer through the SSL VPN Portal to trigger a denial of service. The following products and versions are affected: Fortinet FortiOS Version 7.2.0, Versions 7.0.0 to 7.0.5, Versions 6.4.0 to 6.4.9, Versions 6.2.0 to 6.2.10, Versions 6.0.0 to 6.0.14

Trust: 1.71

sources: NVD: CVE-2022-29055 // JVNDB: JVNDB-2022-019255 // VULHUB: VHN-420589

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.0.7	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.0.7	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	1.2.6	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	2.0.10	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	6.2.11	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	6.4.10	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	1.2.13	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	7.0.0 that's all 7.0.7	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	6.4.0 that's all 6.4.10	Trust: 0.8
vendor:	フォーティネット	model:	fortiproxy	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	6.2.0 that's all 6.2.11	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	7.2.0	Trust: 0.8

sources: JVNDB: JVNDB-2022-019255 // NVD: CVE-2022-29055

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29055
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2022-29055
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-29055
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202210-376
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-29055
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-29055
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019255 // CNNVD: CNNVD-202210-376 // NVD: CVE-2022-29055 // NVD: CVE-2022-29055

PROBLEMTYPE DATA

problemtype:	CWE-824	Trust: 1.1
problemtype:	Accessing uninitialized pointers (CWE-824) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-420589 // JVNDB: JVNDB-2022-019255 // NVD: CVE-2022-29055

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-376

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202210-376

PATCH

title:	FG-IR-22-086	url:	https://fortiguard.com/psirt/FG-IR-22-086	Trust: 0.8
title:	Fortinet FortiOS Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=211449	Trust: 0.6

sources: JVNDB: JVNDB-2022-019255 // CNNVD: CNNVD-202210-376

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29055	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-019255	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-376	Trust: 0.7
db:	VULHUB	id:	VHN-420589	Trust: 0.1

sources: VULHUB: VHN-420589 // JVNDB: JVNDB-2022-019255 // CNNVD: CNNVD-202210-376 // NVD: CVE-2022-29055

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-086	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29055	Trust: 0.8
url:	https://vigilance.fr/vulnerability/fortinet-fortios-null-pointer-dereference-via-ssl-vpn-portal-39498	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-29055/	Trust: 0.6

sources: VULHUB: VHN-420589 // JVNDB: JVNDB-2022-019255 // CNNVD: CNNVD-202210-376 // NVD: CVE-2022-29055

SOURCES

db:	VULHUB	id:	VHN-420589
db:	JVNDB	id:	JVNDB-2022-019255
db:	CNNVD	id:	CNNVD-202210-376
db:	NVD	id:	CVE-2022-29055

LAST UPDATE DATE

2024-08-14T13:21:36.850000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-420589	date:	2022-10-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-019255	date:	2023-10-25T02:49:00
db:	CNNVD	id:	CNNVD-202210-376	date:	2022-10-21T00:00:00
db:	NVD	id:	CVE-2022-29055	date:	2022-10-20T19:13:12.883

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-420589	date:	2022-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-019255	date:	2023-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202210-376	date:	2022-10-10T00:00:00
db:	NVD	id:	CVE-2022-29055	date:	2022-10-18T15:15:09.620