PT-2023-3237 · Fortinet · FortiProxy +2

Published 2023-06-12 · Updated 2023-06-22 · CVE-2023-33305

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

FortiOS versions 6.0 through 7.2.4
FortiProxy versions 1.0 through 7.2.3
FortiWeb versions 6.3 through 7.2.1

Description

The issue is a loop with an unreachable exit condition, also known as an 'infinite loop'. A remote attacker can exploit it to cause a denial of service via specially crafted HTTP requests.

Recommendations

Update FortiOS versions 6.0 through 7.2.4, FortiProxy versions 1.0 through 7.2.3 and FortiWeb versions 6.3 through 7.2.1 to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the vulnerable systems to minimize the risk of exploitation.

Fix

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

BDU:2023-03358
CVE-2023-33305

Affected Products

FortiOS
FortiProxy
FortiWeb