PT-2023-6002 · Fortinet · FortiProxy +1

Published: 2023-10-10 · Updated: 2023-10-13 · CVE-2023-41675

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
FortiOS versions 7.0.0 through 7.0.10
FortiOS versions 7.2.0 through 7.2.4
FortiProxy versions 7.0.0 through 7.0.8
FortiProxy versions 7.2.0 through 7.2.2
Description
A use-after-free vulnerability in FortiOS and FortiProxy may allow an unauthenticated remote attacker to crash the WAD process by sending multiple crafted packets that reach proxy policies, or firewall policies in proxy mode, with SSL deep packet inspection enabled. The root cause is use of memory after it has been freed, which specially crafted packets can trigger.
Recommendations
For all affected FortiOS versions (7.0.0 through 7.0.10 and 7.2.0 through 7.2.4) and FortiProxy versions (7.0.0 through 7.0.8 and 7.2.0 through 7.2.2), update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection until a patch is available.
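The first practical step a defender takes with an advisory like this is to check an inventory of FortiOS and FortiProxy builds against the listed ranges. The following is an added example, not part of the PT-2023-6002 record or any Fortinet tooling; the version ranges are copied from the advisory, while the inventory, hostnames and the assumption that versions are written as "major.minor.patch" (optionally prefixed with "v") are constructed for illustration.

```python
"""
Added example (not part of the PT-2023-6002 record): check whether a FortiOS or
FortiProxy build falls inside the version ranges the advisory lists as affected
by CVE-2023-41675. The ranges below are copied from the advisory; the sample
inventory and hostnames are constructed for illustration.
"""
from __future__ import annotations

import re

# Affected ranges exactly as listed in the advisory (inclusive on both ends).
AFFECTED_RANGES = {
    "FortiOS": [("7.0.0", "7.0.10"), ("7.2.0", "7.2.4")],
    "FortiProxy": [("7.0.0", "7.0.8"), ("7.2.0", "7.2.2")],
}

# Assumption: versions are written as major.minor.patch, optionally with a leading 'v'.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch' into a tuple of ints for element-wise comparison.

    Comparing ints (not strings) is what makes 7.0.10 sort after 7.0.8; a naive
    string comparison would place '7.0.10' before '7.0.8' and mis-triage hosts.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(product: str, version: str) -> bool:
    """Return True if `version` of `product` lies inside an advisory-listed range.

    Product names match case-insensitively ('fortios', 'FortiOS'); products the
    advisory does not mention are reported as not affected by this advisory.
    """
    ranges = next(
        (r for name, r in AFFECTED_RANGES.items() if name.lower() == product.lower()),
        [],
    )
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)


def triage(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str, str]]:
    """Reduce a (hostname, product, version) inventory to the entries in an affected range."""
    return [entry for entry in inventory if is_affected(entry[1], entry[2])]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [
        ("fw-edge-01", "FortiOS", "7.0.10"),     # last affected 7.0.x release
        ("fw-edge-02", "FortiOS", "7.0.11"),     # just past the listed range
        ("proxy-dc-01", "FortiProxy", "7.2.2"),  # last affected 7.2.x release
        ("proxy-dc-02", "FortiProxy", "7.2.3"),  # just past the listed range
        ("fw-branch-03", "FortiOS", "6.4.12"),   # branch not listed by this advisory
    ]
    for host, product, version in triage(sample):
        print(f"{host}: {product} {version} is in an affected range for CVE-2023-41675")
```

Two caveats when using a check like this: the advisory lists affected ranges but does not name the fixed releases, so a version just outside a range (or on a branch the advisory does not mention) should be confirmed against the vendor's own fix list rather than assumed safe; and the regex deliberately rejects anything that is not plain major.minor.patch, so build strings with extra suffixes raise an error instead of being silently mis-parsed.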

Weakness Enumeration

Use After Free

Related Identifiers

BDU:2023-06703
CVE-2023-41675

Affected Products

FortiOS
FortiProxy