CVE-2023-29178

Name of the Vulnerable Software and Affected Versions FortiProxy versions 7.2.0 through 7.2.3 and before 7.0.9 FortiOS versions 7.2.0 through 7.2.4 and before 7.0.11

Description The issue is related to an access of uninitialized pointer vulnerability. This allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.

Recommendations For FortiProxy versions 7.2.0 through 7.2.3, update to a version after 7.2.3 or apply a patch if available. For FortiProxy versions before 7.0.9, update to a version 7.0.9 or later. For FortiOS versions 7.2.0 through 7.2.4, update to a version after 7.2.4 or apply a patch if available. For FortiOS versions before 7.0.11, update to a version 7.0.11 or later. As a temporary workaround, consider restricting access to the administrative interface API to minimize the risk of exploitation.