FG-IR-23-184: Webproxy process denial of service
First published: Tue Oct 10 2023(Updated: )
A use after free vulnerability [CWE-416] in FortiOS & FortiProxy may allow an unauthenticated remote attacker to crash the Web Proxy process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FortiOS | ||
| Fortinet FortiProxy SSL VPN webmode |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of FG-IR-23-184?
The FG-IR-23-184 vulnerability is classified as a critical issue that can lead to the crashing of the Web Proxy process.
How do I fix FG-IR-23-184?
To mitigate FG-IR-23-184, upgrade to the latest version of FortiOS or FortiProxy provided by Fortinet.
Can FG-IR-23-184 be exploited remotely?
Yes, FG-IR-23-184 can be exploited by unauthenticated remote attackers through crafted packets.
What products are affected by FG-IR-23-184?
FG-IR-23-184 affects Fortinet FortiOS and FortiProxy that utilize proxy mode with SSL deep packet inspection.
What impact does FG-IR-23-184 have on my systems?
FG-IR-23-184 can lead to service disruption by crashing the Web Proxy process on affected systems.
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/last-modified-date
- collector/fortiguard-psirt
- source/FortiGuard
- alias/CVE-2023-41675
- agent/title
- collector/fortiguard-psirt-latest
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortios
- canonical/fortinet fortiproxy ssl vpn webmode