CVSS Score of 10 (low)


Published Jun 13, 2023
Updated: Nov 7, 2023
CWE ID 835


CVE-2023-33305 is a vulnerability that affects multiple versions of Fortinet FortiOS, FortiProxy, and FortiWeb products. Specifically, it impacts FortiOS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 6.4, 6.2, and 6.0; FortiProxy versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.9, and all versions of 1.x; and FortiWeb versions 7.2.0 through 7.2.1 and 7.0 through 7.0.6. The vulnerability allows an attacker to perform a denial of service attack by exploiting an infinite loop with an unreachable exit condition in the affected products when receiving specially crafted HTTP requests. The risk level associated with CVE-2023-33305 is rated as medium (score: 27). The vulnerability does not require high privileges or user interaction for exploitation and has a low attack complexity. To remediate this vulnerability, it is recommended to update the affected products to the latest available versions provided by Fortinet. This vulnerability poses a potential danger to organizations using the affected products as it can result in denial of service, impacting the availability of their network infrastructure or web services.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-33305 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options