CVE-2023-42786

Name of the Vulnerable Software and Affected Versions FortiOS versions 6.0 through 7.4.1 FortiOS version 7.0 and all prior versions

Description A null pointer dereference in FortiOS allows an attacker to trigger a denial of service via a crafted http request. This issue may also allow a remote attacker with low privileges to crash the vpn service.

Recommendations For FortiOS versions 6.0 through 7.4.1, update to a version that includes the fix for this issue. For FortiOS version 7.0 and all prior versions, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the vulnerable http endpoint until a patch is available.