CVE-2023-33305

Summary

A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.2.0 <= 7.2.1affected
FortinetFortiWeb7.0.0 <= 7.0.6affected
FortinetFortiWeb6.4.0 <= 6.4.3affected
FortinetFortiWeb6.3.0 <= 6.3.23affected
FortinetFortiOS7.2.0 <= 7.2.4affected
FortinetFortiOS7.0.0 <= 7.0.10affected
FortinetFortiOS6.4.0 <= 6.4.13affected
FortinetFortiOS6.2.0 <= 6.2.15affected
FortinetFortiOS6.0.0 <= 6.0.17affected
FortinetFortiOS5.6.0 <= 5.6.14affected
FortinetFortiOS5.4.0 <= 5.4.13affected
FortinetFortiOS5.2.0 <= 5.2.15affected
FortinetFortiOS5.0.0 <= 5.0.14affected
FortinetFortiProxy7.2.0 <= 7.2.3affected
FortinetFortiProxy7.0.0 <= 7.0.9affected
FortinetFortiProxy2.0.0 <= 2.0.12affected
FortinetFortiProxy1.2.0 <= 1.2.13affected
FortinetFortiProxy1.1.0 <= 1.1.6affected
FortinetFortiProxy1.0.0 <= 1.0.7affected

Weaknesses

  • CWE-835: Denial of service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References