CVE-2023-33305
First published: Tue Jun 13 2023(Updated: )
A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiProxy | >=1.0.0<=1.0.7 | |
| Fortinet FortiProxy | >=1.1.0<=1.1.6 | |
| Fortinet FortiProxy | >=1.2.0<=1.2.13 | |
| Fortinet FortiProxy | >=2.0.0<=2.0.12 | |
| Fortinet FortiProxy | >=7.0.0<=7.0.9 | |
| Fortinet FortiProxy | >=7.2.0<=7.2.3 | |
| Fortinet FortiWeb | >=6.3.0<=6.3.23 | |
| Fortinet FortiWeb | >=6.4.0<=6.4.3 | |
| Fortinet FortiWeb | >=7.0.0<=7.0.6 | |
| Fortinet FortiWeb | =7.2.0 | |
| Fortinet FortiWeb | =7.2.1 | |
| Fortinet FortiOS | >=5.0.0<=5.0.14 | |
| Fortinet FortiOS | >=5.2.0<=5.2.15 | |
| Fortinet FortiOS | >=5.4.0<=5.4.13 | |
| Fortinet FortiOS | >=5.6.0<=5.6.14 | |
| Fortinet FortiOS | >=6.0.0<=6.0.17 | |
| Fortinet FortiOS | >=6.2.0<=6.2.15 | |
| Fortinet FortiOS | >=6.4.0<=6.4.13 | |
| Fortinet FortiOS | >=7.0.0<=7.0.9 | |
| Fortinet FortiOS | >=7.2.0<=7.2.4 |
Remedy
Please upgrade to FortiPAM version 1.0.0 or above Please upgrade to FortiWeb version 7.2.2 or above Please upgrade to FortiWeb version 7.0.7 or above Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.11 or above Please upgrade to FortiProxy version 7.2.4 or above Please upgrade to FortiProxy version 7.0.10 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Fortinet vulnerability?
The vulnerability ID for this Fortinet vulnerability is CVE-2023-33305.
Which software versions are affected by this vulnerability?
Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0 and more.
What is the severity of CVE-2023-33305?
The severity of CVE-2023-33305 is medium with a CVSS score of 6.5.
What is the Common Weakness Enumeration (CWE) ID for this vulnerability?
The CWE ID for this vulnerability is CWE-835.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following link: [FortiGuard Advisory FG-IR-22-375](https://fortiguard.com/psirt/FG-IR-22-375).
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/tags
- agent/event
- agent/first-publish-date
- vendor/fortinet
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.0.0
- version/fortinet fortiproxy/1.0.7
- version/fortinet fortiproxy/1.1.0
- version/fortinet fortiproxy/1.1.6
- version/fortinet fortiproxy/1.2.0
- version/fortinet fortiproxy/1.2.13
- version/fortinet fortiproxy/2.0.0
- version/fortinet fortiproxy/2.0.12
- version/fortinet fortiproxy/7.0.0
- version/fortinet fortiproxy/7.0.9
- version/fortinet fortiproxy/7.2.0
- version/fortinet fortiproxy/7.2.3
- canonical/fortinet fortiweb
- version/fortinet fortiweb/6.3.0
- version/fortinet fortiweb/6.3.23
- version/fortinet fortiweb/6.4.0
- version/fortinet fortiweb/6.4.3
- version/fortinet fortiweb/7.0.0
- version/fortinet fortiweb/7.0.6
- version/fortinet fortiweb/7.2.0
- version/fortinet fortiweb/7.2.1
- canonical/fortinet fortios
- version/fortinet fortios/5.0.0
- version/fortinet fortios/5.0.14
- version/fortinet fortios/5.2.0
- version/fortinet fortios/5.2.15
- version/fortinet fortios/5.4.0
- version/fortinet fortios/5.4.13
- version/fortinet fortios/5.6.0
- version/fortinet fortios/5.6.14
- version/fortinet fortios/6.0.0
- version/fortinet fortios/6.0.17
- version/fortinet fortios/6.2.0
- version/fortinet fortios/6.2.15
- version/fortinet fortios/6.4.0
- version/fortinet fortios/6.4.13
- version/fortinet fortios/7.0.0
- version/fortinet fortios/7.0.9
- version/fortinet fortios/7.2.0
- version/fortinet fortios/7.2.4