CVE-2023-33305

4.9MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiweb; FortiOS; Fortiproxy
Vendor: CVE Published:; 13 June 2023

Summary

A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.

Affected Version(s)

FortiOS 7.2.0 <= 7.2.4

FortiOS 7.0.0 <= 7.0.10

FortiOS 6.4.0 <= 6.4.13

References

https://fortiguard.com/psirt/FG-IR-22-375

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
May 22, 2023

Collectors

NVD DatabaseMitre Database