CVE-2022-29055 in FortiOS
Summary
by MITRE • 10/18/2022
A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 05/22/2026
The vulnerability identified as CVE-2022-29055 represents a critical access of uninitialized pointer flaw within Fortinet FortiOS and FortiProxy software implementations. This issue affects multiple version ranges across different product lines including FortiOS versions 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, and 6.0.x, as well as FortiProxy versions 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, and 1.2.x. The vulnerability stems from improper memory management practices where the sslvpn daemon fails to properly initialize memory pointers before accessing them, creating a potential for arbitrary code execution or system instability. This flaw exists in the handling of HTTP GET requests specifically within the sslvpn service component, making it particularly dangerous as it can be exploited through network-based attacks without requiring authentication.
The technical implementation of this vulnerability occurs when the sslvpn daemon processes incoming HTTP GET requests that contain malformed or unexpected parameters. When these requests are received, the system attempts to access memory locations that have not been properly initialized, leading to unpredictable behavior and potential system crashes. This uninitialized pointer access pattern falls under the CWE-457 category of "Use of Uninitialized Variable" and represents a classic memory safety issue that can lead to denial of service conditions or more severe exploitation scenarios. The vulnerability is particularly concerning because it allows both remote unauthenticated and authenticated attackers to trigger the same crash condition, significantly expanding the attack surface and reducing the barriers to exploitation.
The operational impact of CVE-2022-29055 extends beyond simple service disruption to potentially compromise the overall security posture of affected networks. When the sslvpn daemon crashes due to this vulnerability, it can result in complete service outages for remote access capabilities that organizations rely upon for secure connectivity. This disruption affects not only the immediate availability of sslvpn services but can also impact business continuity and remote work capabilities. Organizations that depend on Fortinet appliances for secure remote access may find their employees unable to connect to corporate resources during an attack, creating operational challenges and potential productivity losses. The vulnerability's ability to affect multiple FortiOS and FortiProxy versions across different major releases indicates a widespread exposure that requires immediate attention from security teams across affected organizations.
Mitigation strategies for CVE-2022-29055 should prioritize immediate patching of affected systems with the vendor-provided security updates. Fortinet has released patches addressing this vulnerability in affected versions, and organizations must ensure all impacted appliances are updated promptly to prevent exploitation. Network segmentation and access controls should be implemented to limit exposure of vulnerable systems to untrusted networks, while monitoring solutions should be deployed to detect unusual traffic patterns that might indicate exploitation attempts. The vulnerability's classification under the ATT&CK framework as a denial of service condition highlights the importance of implementing robust network monitoring and incident response procedures. Organizations should also consider implementing intrusion detection systems that can identify and block malicious HTTP GET requests targeting the sslvpn service, and establish baseline network behavior to quickly detect anomalous activity that could indicate exploitation attempts. Regular security assessments and vulnerability scanning should be conducted to identify any remaining unpatched systems within the organization's infrastructure.