CVE-2023-36641

Summary

A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.2.0 <= 7.2.4affected
FortinetFortiProxy7.0.0 <= 7.0.10affected
FortinetFortiProxy2.0.0 <= 2.0.13affected
FortinetFortiProxy1.2.0 <= 1.2.13affected
FortinetFortiProxy1.1.0 <= 1.1.6affected
FortinetFortiProxy1.0.0 <= 1.0.7affected
FortinetFortiOS7.4.0affected
FortinetFortiOS7.2.0 <= 7.2.5affected
FortinetFortiOS7.0.0 <= 7.0.12affected
FortinetFortiOS6.4.0 <= 6.4.14affected
FortinetFortiOS6.2.0 <= 6.2.15affected
FortinetFortiOS6.0.0 <= 6.0.17affected

Weaknesses

  • CWE-197: Denial of service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References