CVE-2023-36641

Name of the Vulnerable Software and Affected Versions FortiProxy versions 1.0 through 7.2.4 FortiProxy version 7.0.0 through 7.0.10 FortiOS version 6.0 through 7.4.0 FortiOS version 7.2.0 through 7.2.5 FortiOS version 7.0.0 through 7.0.12

Description A numeric truncation error in Fortinet FortiProxy and FortiOS allows an attacker to cause a denial of service via specifically crafted HTTP requests. The issue is related to errors in numeric truncation. Exploitation of the issue may allow a remote attacker to cause a denial of service.

Recommendations For FortiProxy versions 1.0 through 7.2.4, update to a version that contains a fix for this issue. For FortiProxy version 7.0.0 through 7.0.10, update to a version that contains a fix for this issue. For FortiOS version 6.0 through 7.4.0, update to a version that contains a fix for this issue. For FortiOS version 7.2.0 through 7.2.5, update to a version that contains a fix for this issue. For FortiOS version 7.0.0 through 7.0.12, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the vulnerable HTTP endpoints until a patch is available.