CVE-2023-33305

Summary

CVE-2023-33305 is a vulnerability that affects multiple versions of Fortinet FortiOS, FortiProxy, and FortiWeb products. Specifically, it impacts FortiOS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 6.4, 6.2, and 6.0; FortiProxy versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.9, and all versions of 1.x; and FortiWeb versions 7.2.0 through 7.2.1 and 7.0 through 7.0.6. The vulnerability allows an attacker to perform a denial of service attack by exploiting an infinite loop with an unreachable exit condition in the affected products when receiving specially crafted HTTP requests. The risk level associated with CVE-2023-33305 is rated as medium (score: 27). The vulnerability does not require high privileges or user interaction for exploitation and has a low attack complexity. To remediate this vulnerability, it is recommended to update the affected products to the latest available versions provided by Fortinet. This vulnerability poses a potential danger to organizations using the affected products as it can result in denial of service, impacting the availability of their network infrastructure or web services.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.