PT-2023-3229 · Fortinet · Fortiproxy+1

Published 2023-06-12 · Updated 2024-12-10 · CVE-2023-29179

CVSS v2.0: 6.8 Medium
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Fortinet FortiOS versions 6.4.0 through 6.4.12
Fortinet FortiOS versions 7.0.0 through 7.0.11
Fortinet FortiOS versions 7.2.0 through 7.2.4
FortiProxy versions 7.0.0 through 7.0.10
FortiProxy versions 7.2.0 through 7.2.4

Description

A null pointer dereference issue allows an attacker to cause a denial of service via specially crafted HTTP requests to the /proxy endpoint. This can be exploited by a remote attacker to crash the SSL-VPN daemon.

Recommendations

For Fortinet FortiOS versions 6.4.0 through 6.4.12, update to a version that includes the fix for this issue.
For Fortinet FortiOS versions 7.0.0 through 7.0.11, update to a version that includes the fix for this issue.
For Fortinet FortiOS versions 7.2.0 through 7.2.4, update to a version that includes the fix for this issue.
For FortiProxy versions 7.0.0 through 7.0.10, update to a version that includes the fix for this issue.
For FortiProxy versions 7.2.0 through 7.2.4, update to a version that includes the fix for this issue.

As a temporary workaround, consider restricting access to the /proxy endpoint to minimize the risk of exploitation.

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2023-03350
CVE-2023-29179

Affected Products

Fortios
Fortiproxy