CVE-2023-33305

EUVD-2023-37468
A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions,  FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
fortinetCNA
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:H/RL:U/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
fortinetfortiproxy
1.0.0 ≤
𝑥
≤ 1.0.7
fortinetfortiproxy
1.1.0 ≤
𝑥
≤ 1.1.6
fortinetfortiproxy
1.2.0 ≤
𝑥
≤ 1.2.13
fortinetfortiproxy
2.0.0 ≤
𝑥
≤ 2.0.12
fortinetfortiproxy
7.0.0 ≤
𝑥
≤ 7.0.9
fortinetfortiproxy
7.2.0 ≤
𝑥
≤ 7.2.3
fortinetfortiweb
6.3.0 ≤
𝑥
≤ 6.3.23
fortinetfortiweb
6.4.0 ≤
𝑥
≤ 6.4.3
fortinetfortiweb
7.0.0 ≤
𝑥
≤ 7.0.6
fortinetfortiweb
7.2.0
fortinetfortiweb
7.2.1
fortinetfortios
5.0.0 ≤
𝑥
≤ 5.0.14
fortinetfortios
5.2.0 ≤
𝑥
≤ 5.2.15
fortinetfortios
5.4.0 ≤
𝑥
≤ 5.4.13
fortinetfortios
5.6.0 ≤
𝑥
≤ 5.6.14
fortinetfortios
6.0.0 ≤
𝑥
≤ 6.0.17
fortinetfortios
6.2.0 ≤
𝑥
≤ 6.2.15
fortinetfortios
6.4.0 ≤
𝑥
≤ 6.4.13
fortinetfortios
7.0.0 ≤
𝑥
≤ 7.0.9
fortinetfortios
7.2.0 ≤
𝑥
≤ 7.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.com/psirt/FG-IR-22-375
https://fortiguard.com/psirt/FG-IR-22-375