PT-2023-3239 · Fortinet · Fortiproxy+1
Published: 2023-06-16 · Updated: 2023-06-23
CVE-2023-33306
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
FortiOS versions prior to 7.2.5
FortiOS versions prior to 7.0.11
FortiOS versions prior to 6.4.13
FortiProxy versions prior to 7.2.4
FortiProxy versions prior to 7.0.10
Description
The issue is a NULL pointer dereference that can cause a denial of service in the SSL-VPN service. It can be triggered by a specially crafted request in the bookmark parameter, allowing an attacker to disrupt the service. The vulnerability can be exploited by a remote attacker and may result in a crash of the SSL-VPN service.
Recommendations
For FortiOS versions prior to 7.2.5, update to version 7.2.5 or later.
For FortiOS versions prior to 7.0.11, update to version 7.0.11 or later.
For FortiOS versions prior to 6.4.13, update to version 6.4.13 or later.
For FortiProxy versions prior to 7.2.4, update to version 7.2.4 or later.
For FortiProxy versions prior to 7.0.10, update to version 7.0.10 or later.
As a temporary workaround, consider restricting access to the SSL-VPN service to minimize the risk of exploitation.
Fix
DoS
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
FortiOS
FortiProxy