First published: Tue Nov 14 2023(Updated: )
A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiProxy | >=1.0.0<=1.0.7 | |
Fortinet FortiProxy | >=1.1.0<=1.1.6 | |
Fortinet FortiProxy | >=1.2.0<=1.2.13 | |
Fortinet FortiProxy | >=2.0.0<=2.0.13 | |
Fortinet FortiProxy | >=7.0.0<=7.0.10 | |
Fortinet FortiProxy | >=7.2.0<=7.2.4 | |
Fortinet FortiOS | >=6.0.0<=6.0.17 | |
Fortinet FortiOS | >=6.2.0<=6.2.15 | |
Fortinet FortiOS | >=6.4.0<=6.4.14 | |
Fortinet FortiOS | >=7.0.0<=7.0.12 | |
Fortinet FortiOS | >=7.2.0<=7.2.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Fortinet FortiProxy vulnerability is CVE-2023-36641.
The severity of CVE-2023-36641 is medium, with a CVSS score of 6.2.
Fortinet FortiProxy versions 1.0.0 through 1.0.7, 1.1.0 through 1.1.6, 1.2.0 through 1.2.13, 2.0.0 through 2.0.13, 7.0.0 through 7.0.10, and 7.2.0 through 7.2.4 are affected by CVE-2023-36641.
FortiOS versions 6.0.0 through 6.0.17, 6.2.0 through 6.2.15, 6.4.0 through 6.4.14, 7.0.0 through 7.0.12, and 7.2.0 through 7.2.5 are affected by CVE-2023-36641.
To fix CVE-2023-36641, it is recommended to update to a patched version of Fortinet FortiProxy or FortiOS when available. Please refer to the vendor's security advisory for more information.