CVE-2023-36641

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 14, 2023
Updated: Nov 20, 2023
CWE ID 197

Summary

CVE-2023-36641 is a denial-of-service vulnerability affecting multiple Fortinet FortiProxy and FortiOS versions, including 7.2.0 through 7.2.4, 7.0.0 through 7.0.12, and all versions of FortiProxy 1.0 through 2.0. The issue stems from a numeric truncation error: an attacker can send specially crafted HTTP requests that lead to a denial-of-service condition. The vulnerability impacts FortiProxy versions 1.0 through 2.0 and FortiOS versions 6.0 through 7.4.0. Users are advised to update their software to mitigate this risk.

Affected Products

  • FortiOS
  • Fortinet FortiProxy

Affected Vendors

  • Fortinet