CVE-2023-37930

Published: Apr 8, 2025Modified: Jan 14, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities vulnerability in Fortinet allows a VPN user to corrupt memory potentially leading to code or commands execution via specifically crafted requests.

Affected (6)

Products: Fortinet: Fortios, Fortiproxy

2 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 6.4.7 to 6.4.15
Fortinet Fortios	From 7.0.1 to 7.0.13
Fortinet Fortios	From 7.2.0 to 7.2.6
Fortinet Fortios	Version 7.4.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiproxy	From 7.0.0 to 7.0.13
Fortinet Fortiproxy	From 7.2.0 to 7.2.7

Related CWEs

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (1)

https://fortiguard.com/psirt/FG-IR-23-165

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.