CVE-2023-42785

Name of the Vulnerable Software and Affected Versions FortiOS versions 6.0 through 7.4.1

Description The issue is related to a null pointer dereference in FortiOS, which can be exploited by a remote attacker to trigger a denial of service via a crafted HTTP request. This can allow the attacker to crash the VPN service.

Recommendations For FortiOS versions 6.0 through 7.4.1, consider disabling the HTTP request handling functionality until a patch is available to prevent the denial of service. As a temporary workaround, restrict access to the VPN service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.