PT-2023-3228 · Fortinet · Fortiproxy+1

Publicado

2023-06-16

Atualizado

2023-06-23

CVE-2023-33307

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FortiOS versions prior to 7.2.5 FortiOS versions prior to 7.0.11 FortiProxy versions prior to 7.2.3 FortiProxy versions prior to 7.0.9

Description The issue is related to a null pointer dereference, which can be exploited by an attacker to cause a denial of service in the SSL-VPN service. This can be achieved by sending a specifically crafted request in the network parameter. The vulnerability can be exploited remotely.

Recommendations For FortiOS versions prior to 7.2.5, update to version 7.2.5 or later. For FortiOS versions prior to 7.0.11, update to version 7.0.11 or later. For FortiProxy versions prior to 7.2.3, update to version 7.2.3 or later. For FortiProxy versions prior to 7.0.9, update to version 7.0.9 or later. As a temporary workaround, consider restricting access to the SSL-VPN service until a patch is available.

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

BDU:2023-03349

CVE-2023-33307

Produtos afetados

Fortios

Fortiproxy

PT-2023-3228 · Fortinet · Fortiproxy+1

CVE-2023-33307

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8