CVE-2022-29055: 
FortiOS vulnerability analysis and mitigation

A vulnerability identified as CVE-2022-29055 was discovered in Fortinet's FortiOS and FortiProxy products. The issue involves an access of uninitialized pointer in multiple versions of the software, including FortiOS versions 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, and FortiProxy versions 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, and 1.2.x. The vulnerability was assigned on April 11, 2022, and received a CVSS v3.1 score of 7.3, indicating high severity (MITRE, NVD).

The vulnerability is classified under CWE-824 and involves an access to an uninitialized pointer in the SSL VPN daemon. The issue can be triggered via an HTTP GET request to the SSL VPN portal. The vulnerability received a CVSS v3.1 base score of 7.3 (High), with the following vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

When successfully exploited, this vulnerability allows an attacker to crash the SSL VPN daemon, resulting in a denial of service condition. This impact affects the availability of the SSL VPN service, potentially disrupting remote access capabilities for legitimate users (FortiGuard).

Fortinet has addressed this vulnerability in updated versions of their software. Users are advised to upgrade to the latest versions of FortiOS and FortiProxy that contain the security fixes (FortiGuard).