CVE-2023-33305

Published Jun 13, 2023

Last updated a year ago

CVSS medium 6.5

Overview

Description: A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.
Source: psirt@fortinet.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-835
psirt@fortinet.com: CWE-835

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22936F53-4480-4011-9211-174D1C507E87",
            "versionEndIncluding": "1.0.7",
            "versionStartIncluding": "1.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6BBF05F-4967-4A2E-A8F8-C2086097148B",
            "versionEndIncluding": "1.1.6",
            "versionStartIncluding": "1.1.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33B84D9A-55E3-4146-A55A-ACB507E61B05",
            "versionEndIncluding": "1.2.13",
            "versionStartIncluding": "1.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C1D5E6B-A23E-4A92-B53C-720AFEB1B951",
            "versionEndIncluding": "2.0.12",
            "versionStartIncluding": "2.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAC18F7E-5242-4F36-BB42-FEC33B3AC075",
            "versionEndIncluding": "7.0.9",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A99FF48-370E-4D2A-B5CC-889EA21AB213",
            "versionEndIncluding": "7.2.3",
            "versionStartIncluding": "7.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29BAA789-62A7-4040-B6F7-8E70FFBA0399",
            "versionEndIncluding": "6.3.23",
            "versionStartIncluding": "6.3.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF5ED7B3-39F3-49FD-82D9-72CAB2D68636",
            "versionEndIncluding": "6.4.3",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00A1259A-261F-47B9-8DFA-16C7C67F27E0",
            "versionEndIncluding": "7.0.6",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E2F1B5C-5CD3-4614-9B4D-E9D91FCF9321"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "962B85ED-89C2-4453-9F59-F242031A2E46"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BB7E21E-A68B-44FC-8F0E-EF5926186F26",
            "versionEndIncluding": "5.0.14",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F93F9C8-6064-4CED-88DF-3580C517AB51",
            "versionEndIncluding": "5.2.15",
            "versionStartIncluding": "5.2.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0507F264-9E8D-4F9D-AB18-0C6CA5BD69F0",
            "versionEndIncluding": "5.4.13",
            "versionStartIncluding": "5.4.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC0AFBC1-5C11-412E-9979-AF89DD26EFCD",
            "versionEndIncluding": "5.6.14",
            "versionStartIncluding": "5.6.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0135464C-532C-430D-A76C-2FCDE4C991D1",
            "versionEndIncluding": "6.0.17",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7916D6BB-838E-40A0-9C7F-FBE9ECBA0D99",
            "versionEndIncluding": "6.2.15",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D962937C-B057-4422-A672-8DD2F3C3B3B6",
            "versionEndIncluding": "6.4.13",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E775D02-7C02-40BE-A118-D874B9BBC936",
            "versionEndIncluding": "7.0.9",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AB643A8-B52F-4D54-B816-28A6401BAA25",
            "versionEndIncluding": "7.2.4",
            "versionStartIncluding": "7.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References