CVE-2023-37930

Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities in Fortinet FortiOS SSL VPN webmode version 7.4.0, version 7.2.0 through 7.2.5, version 7.0.1 through 7.0.11 and version 6.4.7 through 6.4.14 and Fortinet FortiProxy SSL VPN webmode version 7.2.0 through 7.2.6 and version 7.0.0 through 7.0.12 allows a VPN user to corrupt memory potentially leading to code or commands execution via specifically crafted requests.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-23-165	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios:7.4.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:fortinet:fortiproxy::::::::
	cpe:2.3:a:fortinet:fortiproxy::::::::

History

No history.

Information

Published : 2025-04-08 14:15

Updated : 2025-07-23 16:01

NVD link : CVE-2023-37930

Mitre link : CVE-2023-37930

CVE.ORG link : CVE-2023-37930

JSON object : View

Products Affected

fortinet

fortiproxy
fortios

CWE

CWE-908

Use of Uninitialized Resource

{"id": "CVE-2023-37930", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-04-08T14:15:30.653", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-165", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-908"}]}], "descriptions": [{"lang": "en", "value": "Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities in Fortinet FortiOS SSL VPN webmode version 7.4.0, version 7.2.0 through 7.2.5, version 7.0.1 through 7.0.11 and version 6.4.7 through 6.4.14 and Fortinet FortiProxy SSL VPN webmode version 7.2.0 through 7.2.6 and version 7.0.0 through 7.0.12 allows a VPN user to corrupt memory potentially leading to code or commands execution via specifically crafted requests."}, {"lang": "es", "value": "Varios problemas, incluido el uso de recursos no inicializados [CWE-908] y las vulnerabilidades de iteraci\u00f3n excesiva [CWE-834] en Fortinet FortiOS SSL VPN webmode versi\u00f3n 7.4.0, versi\u00f3n 7.2.0 a 7.2.5, versi\u00f3n 7.0.1 a 7.0.11 y versi\u00f3n 6.4.7 a 6.4.14 y Fortinet FortiProxy SSL VPN webmode versi\u00f3n 7.2.0 a 7.2.6 y versi\u00f3n 7.0.0 a 7.0.12 permiten que un usuario de VPN corrompa la memoria, lo que potencialmente lleva a la ejecuci\u00f3n de c\u00f3digo o comandos a trav\u00e9s de solicitudes espec\u00edficamente manipuladas."}], "lastModified": "2025-07-23T16:01:29.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC74FDEA-FB64-4516-8ADE-C99E14232121", "versionEndExcluding": "6.4.15", "versionStartIncluding": "6.4.7"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FB691B1-C64D-4A25-8FA4-61B0E13AF55D", "versionEndExcluding": "7.0.13", "versionStartIncluding": "7.0.1"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E323817-A339-48C3-B21A-851F1631F14B", "versionEndExcluding": "7.2.6", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61540F5B-080A-4D44-8BE0-75D7A0DCCB53"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE3D3235-9BBE-43F4-82B9-C51CED2F0DB3", "versionEndExcluding": "7.0.13", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52D22E71-B3EE-4CF6-B6A2-297320861EC1", "versionEndExcluding": "7.2.7", "versionStartIncluding": "7.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}