CVE-2023-42785

6.5 MEDIUM

📋 TL;DR

A null pointer dereference in FortiOS lets an unauthenticated attacker trigger a denial of service by sending a specially crafted HTTP request to an affected device. Affected releases span the 6.0, 6.2, 6.4, 7.0, 7.2 and 7.4 branches (up to 7.4.1). Organizations running unpatched FortiGate devices risk disruption of the affected service, or of the whole device, for as long as the request can be repeated.

💻 Affected Systems

Products:
  • FortiGate firewalls running FortiOS
Versions: 7.4.0-7.4.1, 7.2.0-7.2.5, 7.0.x before 7.0.13, 6.4.x before 6.4.14, 6.2.x before 6.2.15, 6.0.x before 6.0.17 (every release older than the fixed builds listed under Official Fix)
Operating Systems: FortiOS
Default Config Vulnerable: ⚠️ Yes
Notes: Any device that exposes an HTTP-based management interface on a reachable interface is affected; the deployment mode (NAT/Route, Transparent, etc.) makes no difference. Exposure is governed by the interface's allowaccess setting and by which networks can reach that interface, not by the forwarding policy.

📦 What is this software?

FortiOS is Fortinet's operating system for FortiGate firewalls (hardware appliances and virtual machines). It provides the firewall, VPN, routing and security-inspection functions and hosts the device's own web-based management GUI, which is the HTTP-based service this advisory concerns.
⚠️ Risk & Real-World Impact

🔴 Worst Case: The device itself crashes or reboots, taking down all forwarded traffic and security services until it is back up, and the attacker can repeat the request to keep it down.

🟠 Likely Case: The process handling the crafted request crashes, disrupting the services it provides (the management GUI and any other HTTP-based function) until that process or the device is restarted; repeated requests make the disruption persistent.

🟢 If Mitigated: Minimal impact once the device is patched or the HTTP management service is unreachable from untrusted networks.

🌐 Internet-Facing: HIGH - any interface with HTTP(S) administrative access enabled and reachable from the internet can receive the crafted request.
🏢 Internal Only: MEDIUM - an internal attacker can exploit this too, but still needs network reachability to an interface with HTTP(S) management enabled.

🎯 Exploit Status

Public PoC: No (none known at the time of writing)
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The crafted HTTP request needs no authentication, so anyone who can reach an affected HTTP interface can trigger the crash. The reported impact is denial of service only; no code execution or privilege escalation is described.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.4.2, 7.2.6, 7.0.13, 6.4.14, 6.2.15, 6.0.17

Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-23-293

Restart Required: Yes

Instructions:

1. Download the fixed firmware for your branch from the Fortinet support portal, following Fortinet's published upgrade path if you are several releases behind.
2. Back up the configuration via the GUI or with "execute backup config tftp <filename> <tftp_server>" from the CLI.
3. Upload the firmware via the GUI or CLI. In an HA cluster, upgrade the cluster as a whole so the secondary unit carries traffic while the primary reboots.
4. Let the device reboot into the new firmware.
5. Verify with "get system status" that the running version is the fixed build for its branch (see How to Verify).

🔧 Temporary Workarounds

Restrict HTTP Management Access

Applies to: all affected versions

Remove plaintext HTTP from the interface's allowed administrative services and limit who can reach the remaining HTTPS/SSH management services. On FortiOS, source restriction for administrative access is configured per administrator account with trusthost entries; once every administrator account has trusted hosts, the device only answers management connections from those sources. The interface-level trust-ip-1 setting only takes effect on an interface configured with "set dedicated-to management", so it is not a general substitute.

config system interface
    edit <interface_name>
        set allowaccess https ssh ping
    next
end
config system admin
    edit <admin_name>
        set trusthost1 <trusted_ip> 255.255.255.255
    next
end

Repeat the trusthost step for every administrator account; a single account without trusted hosts leaves the management service reachable from anywhere.

Disable HTTP Management

Applies to: all affected versions

Remove HTTP and HTTPS from the administrative services allowed on any interface where web management is not required (typically every internet-facing interface); keep SSH or console access for administration.

config system interface
    edit <interface_name>
        set allowaccess ssh ping
    next
end

Confirm the change with "show system interface <interface_name>". allowaccess only governs administrative access; other HTTP-based services the device may expose on that interface (an SSL VPN web portal or captive portal, for example) are enabled by their own settings and are not affected by this change.

🧯 If You Can't Patch

  • Put a network ACL or upstream firewall in front of the management interfaces so only administrator subnets can reach TCP/80 and TCP/443 on the device; on the FortiGate itself a local-in policy can deny the same ports from untrusted sources.
  • An IPS or WAF in front of the device can only detect the crafted request once a signature exists; with no public PoC (see Exploit Status), expect it to contribute rate limiting and source filtering rather than detection.

🔍 How to Verify

Check if Vulnerable / Check Version:

get system status | grep Version

The output line reads like "Version: <model> v7.4.1,build<nnnn>,<date> (GA)"; compare the vX.Y.Z token against the fixed build for that branch.

Verify Fix Applied:

Run the same command and confirm the version is at or above the fixed build for its branch: 7.4.2, 7.2.6, 7.0.13, 6.4.14, 6.2.15 or 6.0.17. A later build in the same branch (7.4.3, for example) is also fixed; a build from a different branch is not a substitute.
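The comparison above is easy to get wrong by hand across a fleet (6.4.14 is fixed, 6.4.9 is not, 7.0.12 is not). The following is an added example, not code from Fortinet or from this page, that parses the "Version:" line of "get system status" output and classifies the device against the fixed builds listed under Official Fix. The sample outputs are constructed for the example (hostnames and build numbers are illustrative), and fetching the output over SSH is left to the caller.

```python
import re

# Fixed builds per FortiOS branch, taken from the Official Fix list on this page.
FIXED_BY_BRANCH = {
    (7, 4): (7, 4, 2),
    (7, 2): (7, 2, 6),
    (7, 0): (7, 0, 13),
    (6, 4): (6, 4, 14),
    (6, 2): (6, 2, 15),
    (6, 0): (6, 0, 17),
}

# "get system status" prints a line such as
#   Version: FortiGate-100F v7.4.1,build2463,230830 (GA)
# Only the "vX.Y.Z" token is used.
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")


def parse_fortios_version(status_output: str) -> tuple:
    """Return (major, minor, patch) from the 'Version:' line of the output."""
    for line in status_output.splitlines():
        if line.strip().startswith("Version:"):
            m = VERSION_RE.search(line)
            if m:
                return tuple(int(g) for g in m.groups())
    raise ValueError("no 'Version: ... vX.Y.Z' line found in output")


def assess(status_output: str) -> dict:
    """Classify a device as vulnerable / fixed / not-listed for CVE-2023-42785."""
    version = parse_fortios_version(status_output)
    branch = version[:2]
    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is None:
        # Branch not named in this advisory (for example a newer release train):
        # not a verdict of "safe", just outside the advisory's version list.
        status = "not-listed"
    elif version < fixed:
        status = "vulnerable"
    else:
        status = "fixed"
    return {"version": version, "branch": branch, "fixed_in": fixed, "status": status}


def version_str(v) -> str:
    return ".".join(str(x) for x in v)


# Constructed sample outputs: the layout mirrors "get system status", the
# hostnames and build numbers are made up for this example.
SAMPLE_STATUS_VULNERABLE = """\
Version: FortiGate-100F v7.4.1,build2463,230830 (GA)
Security Level: 1
Firmware Signature: certified
Hostname: fgt-edge-1
"""

SAMPLE_STATUS_FIXED = """\
Version: FortiGate-60F v7.2.6,build1575,231024 (GA.F)
Hostname: fgt-branch-2
"""

if __name__ == "__main__":
    for out in (SAMPLE_STATUS_VULNERABLE, SAMPLE_STATUS_FIXED):
        r = assess(out)
        fixed = version_str(r["fixed_in"]) if r["fixed_in"] else "n/a"
        print(f"{version_str(r['version'])}: {r['status']} (fixed in {fixed})")
```

Tuple comparison does the branch-aware ordering, which is why 7.0.12 is reported vulnerable while 6.4.14 is reported fixed even though "6.4.14" sorts before "7.0.12" as a string.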

📡 Detection & Monitoring

Log Indicators:

  • System event logs reporting a crashed or restarted daemon, or an unexpected device reboot, with no matching administrative action or scheduled change
  • Crash/reboot events that follow a burst of connections to the HTTP(S) management interface from a single source

Network Indicators:

  • Connections to TCP/80 or TCP/443 on the device's management addresses from sources outside the administrator subnets
  • The device ceasing to respond to legitimate requests (management GUI, VPN, or forwarded traffic) without a scheduled change

SIEM Query:

source="fortigate" AND event_type="system" AND (message="*crash*" OR message="*reboot*")

The field names depend on how the SIEM parses FortiGate logs; in the device's native key=value syslog the equivalent fields are type="event", subtype="system", logdesc and msg.
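To show what the correlation behind those indicators looks like outside a SIEM, here is an added example (not code from this page or from Fortinet) that parses FortiGate-style key=value log lines, picks out system events whose text reports a crash, reboot or restart, and annotates each with the HTTP(S) management-interface hits logged for the same device in the preceding five minutes. The log lines are constructed for the example: the key=value layout and the ui="https(<srcip>)" convention follow FortiGate's format, but the specific logdesc/msg wording, hostnames and addresses are made up. Note that the crafted request itself need not produce an admin log entry, so the crash line is the primary signal and the correlation is only as good as what reached the collector before the process or device went down.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# FortiGate syslog is key=value; quoted values may contain spaces.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')
# Wording that indicates a process or device crash/restart in a system event.
CRASH_RE = re.compile(r"crash|reboot|restart", re.IGNORECASE)
# Admin-plane access is logged with ui="https(<srcip>)" or ui="http(<srcip>)".
UI_RE = re.compile(r"https?\(([^)]+)\)")


def parse_kv(line: str) -> dict:
    """Turn one FortiGate log line into a dict of field -> value."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def event_time(fields: dict) -> datetime:
    return datetime.strptime(fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S")


def find_suspicious_crashes(lines, window=timedelta(minutes=5)):
    """Return crash/reboot system events, each annotated with the HTTP(S)
    management-interface hits seen on the same device within the prior window."""
    events = [f for f in (parse_kv(line) for line in lines) if "date" in f and "time" in f]

    admin_hits = defaultdict(list)  # devname -> [(time, source ip)]
    for f in events:
        m = UI_RE.search(f.get("ui", ""))
        if m:
            admin_hits[f.get("devname", "?")].append((event_time(f), m.group(1)))

    findings = []
    for f in events:
        if f.get("type") != "event" or f.get("subtype") != "system":
            continue
        text = (f.get("logdesc", "") + " " + f.get("msg", "")).strip()
        if not CRASH_RE.search(text):
            continue
        t = event_time(f)
        dev = f.get("devname", "?")
        prior = [(ht, ip) for ht, ip in admin_hits[dev] if t - window <= ht <= t]
        findings.append({
            "devname": dev,
            "time": t,
            "event": text,
            "prior_admin_hits": len(prior),
            "sources": sorted({ip for _, ip in prior}),
        })
    return findings


# Constructed sample log lines (format follows FortiGate key=value syslog; values are made up).
SAMPLE_LOGS = [
    'date=2024-01-15 time=09:11:40 devname="fgt-edge-1" type="event" subtype="system" level="notice" logdesc="Admin login failed" user="admin" ui="https(198.51.100.23)" msg="Administrator admin login failed from https(198.51.100.23)"',
    'date=2024-01-15 time=09:11:41 devname="fgt-edge-1" type="event" subtype="system" level="notice" logdesc="Admin login failed" user="admin" ui="https(198.51.100.23)" msg="Administrator admin login failed from https(198.51.100.23)"',
    'date=2024-01-15 time=09:11:42 devname="fgt-edge-1" type="event" subtype="system" level="notice" logdesc="Admin login failed" user="admin" ui="https(198.51.100.23)" msg="Administrator admin login failed from https(198.51.100.23)"',
    'date=2024-01-15 time=09:12:03 devname="fgt-edge-1" type="event" subtype="system" level="critical" logdesc="System crashed" msg="httpsd crashed and was restarted"',
    'date=2024-01-15 time=10:30:00 devname="fgt-edge-2" type="event" subtype="system" level="information" logdesc="Admin login successful" user="admin" ui="https(10.0.0.5)" msg="Administrator admin logged in successfully from https(10.0.0.5)"',
    'date=2024-01-15 time=11:02:17 devname="fgt-edge-2" type="traffic" subtype="forward" level="notice" srcip=10.0.0.9 dstip=203.0.113.40 action="accept"',
]

if __name__ == "__main__":
    for hit in find_suspicious_crashes(SAMPLE_LOGS):
        print(f"{hit['devname']} {hit['time']}: {hit['event']} "
              f"({hit['prior_admin_hits']} admin-plane hits from {hit['sources']})")
```

A crash preceded by several management-plane hits from one outside address is the pattern worth paging on; a crash with zero prior hits still deserves a look, since the triggering request may simply not have been logged.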
