Use of uninitialized resource in SSLVPN websocket Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-165 Final 1 1 2025-04-08T00:00:00 Current version 2025-04-08T00:00:00 2025-04-08T00:00:00 Multiple potential issues, including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] in FortiOS & FortiProxy SSLVPN webmode may allow a VPN user to corrupt memory, potentially leading to code or commands execution via specifically crafted requests. None Execute unauthorized code or commands FortiProxy 7.6 all versions are not affectedFortiProxy 7.4 all versions are not affectedFortiProxy version 7.2.0 through 7.2.6FortiProxy version 7.0.0 through 7.0.12FortiProxy 2.0 all versions are not affectedFortiOS 7.6 all versions are not affectedFortiOS version 7.4.0FortiOS version 7.2.0 through 7.2.5FortiOS version 7.0.1 through 7.0.12FortiOS version 6.4.7 through 6.4.14 Please upgrade to FortiOS version 7.4.1 or abovePlease upgrade to FortiOS version 7.2.6 or abovePlease upgrade to FortiOS version 7.0.13 or abovePlease upgrade to FortiOS version 6.4.15 or abovePlease upgrade to FortiOS version 6.4.14 or abovePlease upgrade to FortiProxy version 7.4.0 or abovePlease upgrade to FortiProxy version 7.2.7 or abovePlease upgrade to FortiProxy version 7.0.13 or aboveFortiSASE is no longer impacted, issue remediated Q3/23Workaround:Disable SSLVPN webmode.Alternatively, please use SSLVPN tunnel mode, IPsec (tunnel) or ZTNA (web access).https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-disable-SSL-VPN-Web-Mode-or-Tunnel-Mode-in/ta-p/217990https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/45836/ssl-vpn-to-ipsec-vpnhttps://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/78050/migrating-from-ssl-vpn-to-ztna Internally discovered and reported by Kai Ni from Burnaby Infosec team. FortiOS 7.4.0 FortiOS 7.2.5 FortiOS 7.2.4 FortiOS 7.2.3 FortiOS 7.2.2 FortiOS 7.2.1 FortiOS 7.2.0 FortiOS 7.0.12 FortiOS 7.0.11 FortiOS 7.0.10 FortiOS 7.0.9 FortiOS 7.0.8 FortiOS 7.0.7 FortiOS 7.0.6 FortiOS 7.0.5 FortiOS 7.0.4 FortiOS 7.0.3 FortiOS 7.0.2 FortiOS 7.0.1 FortiOS 6.4.14 FortiOS 6.4.13 FortiOS 6.4.12 FortiOS 6.4.11 FortiOS 6.4.10 FortiOS 6.4.9 FortiOS 6.4.8 FortiOS 6.4.7 FortiProxy 7.2.6 FortiProxy 7.2.5 FortiProxy 7.2.4 FortiProxy 7.2.3 FortiProxy 7.2.2 FortiProxy 7.2.1 FortiProxy 7.2.0 FortiProxy 7.0.12 FortiProxy 7.0.11 FortiProxy 7.0.10 FortiProxy 7.0.9 FortiProxy 7.0.8 FortiProxy 7.0.7 FortiProxy 7.0.6 FortiProxy 7.0.5 FortiProxy 7.0.4 FortiProxy 7.0.3 FortiProxy 7.0.2 FortiProxy 7.0.1 FortiProxy 7.0.0 CVE-2023-37930 FortiOS-7.4.0 FortiOS-7.2.5 FortiOS-7.2.4 FortiOS-7.2.3 FortiOS-7.2.2 FortiOS-7.2.1 FortiOS-7.2.0 FortiOS-7.0.12 FortiOS-7.0.11 FortiOS-7.0.10 FortiOS-7.0.9 FortiOS-7.0.8 FortiOS-7.0.7 FortiOS-7.0.6 FortiOS-7.0.5 FortiOS-7.0.4 FortiOS-7.0.3 FortiOS-7.0.2 FortiOS-7.0.1 FortiOS-6.4.14 FortiOS-6.4.13 FortiOS-6.4.12 FortiOS-6.4.11 FortiOS-6.4.10 FortiOS-6.4.9 FortiOS-6.4.8 FortiOS-6.4.7 FortiProxy-7.2.6 FortiProxy-7.2.5 FortiProxy-7.2.4 FortiProxy-7.2.3 FortiProxy-7.2.2 FortiProxy-7.2.1 FortiProxy-7.2.0 FortiProxy-7.0.12 FortiProxy-7.0.11 FortiProxy-7.0.10 FortiProxy-7.0.9 FortiProxy-7.0.8 FortiProxy-7.0.7 FortiProxy-7.0.6 FortiProxy-7.0.5 FortiProxy-7.0.4 FortiProxy-7.0.3 FortiProxy-7.0.2 FortiProxy-7.0.1 FortiProxy-7.0.0 6.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-23-165 Use of uninitialized resource in SSLVPN websocket Reference>