Fortinet FortiOS up to 7.4.1 HTTP Header null pointer dereference

Summaryinfo

A vulnerability marked as problematic has been reported in Fortinet FortiOS up to 7.4.1. Impacted is an unknown function of the component HTTP Header Handler. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2023-42786. Remote exploitation of the attack is possible. No exploit is available.

Detailsinfo

A vulnerability has been found in Fortinet FortiOS up to 7.4.1 and classified as critical. Affected by this vulnerability is an unknown code of the component HTTP Header Handler. The manipulation with an unknown input leads to a null pointer dereference vulnerability. The CWE definition for the vulnerability is CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. As an impact it is known to affect availability. The summary by CVE is:

A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.

The advisory is shared at fortiguard.fortinet.com. This vulnerability is known as CVE-2023-42786 since 09/14/2023. The exploitation appears to be easy. The attack can be launched remotely. Neither technical details nor an exploit are publicly available.

The vulnerability scanner Nessus provides a plugin with the ID 214074 (Fortinet Fortigate Null pointer dereference leading to sslvpn DOS (FG-IR-23-293)), which helps to determine the existence of the flaw in a target environment.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at Tenable (214074). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Firewall Software

Vendor

• Fortinet

Name

• FortiOS

Version

• 6.0.0
• 6.0.1
• 6.0.2
• 6.0.3
• 6.0.4
• 6.0.5
• 6.0.6
• 6.0.7
• 6.0.8
• 6.0.9
• 6.0.10
• 6.0.11
• 6.0.12
• 6.0.13
• 6.0.14
• 6.0.15
• 6.0.16
• 6.0.17
• 6.0.18
• 6.2.0
• 6.2.1
• 6.2.2
• 6.2.3
• 6.2.4
• 6.2.5
• 6.2.6
• 6.2.7
• 6.2.8
• 6.2.9
• 6.2.10
• 6.2.11
• 6.2.12
• 6.2.13
• 6.2.14
• 6.2.15
• 6.2.16
• 6.4.0
• 6.4.1
• 6.4.2
• 6.4.3
• 6.4.4
• 6.4.5
• 6.4.6
• 6.4.7
• 6.4.8
• 6.4.9
• 6.4.10
• 6.4.11
• 6.4.12
• 6.4.13
• 6.4.14
• 6.4.15
• 7.0.0
• 7.0.1
• 7.0.2
• 7.0.3
• 7.0.4
• 7.0.5
• 7.0.6
• 7.0.7
• 7.0.8
• 7.0.9
• 7.0.10
• 7.0.11
• 7.0.12
• 7.0.13
• 7.0.14
• 7.0.15
• 7.0.16
• 7.2.0
• 7.2.1
• 7.2.2
• 7.2.3
• 7.2.4
• 7.2.5
• 7.4.0
• 7.4.1

License

• commercial

Website

• Vendor: https://www.fortinet.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion