CVE-2023-33307

EUVD-2023-37470
A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
fortinetCNA
6.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:X/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
fortinetfortiproxy
7.0.0 ≤
𝑥
≤ 7.0.9
fortinetfortiproxy
7.2.0 ≤
𝑥
≤ 7.2.3
fortinetfortios
7.0.0 ≤
𝑥
< 7.0.11
fortinetfortios
7.2.0 ≤
𝑥
< 7.2.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.com/psirt/FG-IR-23-015
https://exchange.xforce.ibmcloud.com/vulnerabilities/258201
https://fortiguard.com/psirt/FG-IR-23-015