CVE-2023-33306

Summary

A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.2.0 <= 7.2.4affected
FortinetFortiOS7.0.0 <= 7.0.10affected
FortinetFortiOS6.4.0 <= 6.4.12affected
FortinetFortiProxy7.2.0 <= 7.2.3affected
FortinetFortiProxy7.0.0 <= 7.0.9affected

Weaknesses

  • CWE-476: Denial of service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References