CVE-2023-36641
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published: Nov 14, 2023
Updated: Nov 20, 2023
CWE ID 197
Summary
CVE-2023-36641 is a denial-of-service vulnerability affecting multiple Fortinet FortiProxy and FortiOS versions, including 7.2.0 through 7.2.4, 7.0.0 through 7.0.12, and all versions of FortiProxy 1.0 through 2.0. The issue stems from a numeric truncation error (CWE-197): an attacker can send specially crafted HTTP requests that lead to a denial-of-service condition. The vulnerability impacts FortiProxy versions 1.0 through 2.0 and FortiOS versions 6.0 through 7.4.0. Users are advised to update their software to mitigate this risk.
Affected Products
- FortiOS
- Fortinet FortiProxy
Affected Vendors
- Fortinet