CVE-2023-33306

A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter.

Published: Jun 16, 2023
Updated: Jun 24, 2023
CVE: CVE-2023-33306
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
fortinet / fortios	7.0.0	7.0.11
fortinet / fortiproxy	7.2.0	7.2.4
fortinet / fortiproxy	7.0.0	7.0.10
fortinet / fortios	7.2.0	7.2.5
fortinet / fortios	6.4.0	6.4.13

https://fortiguard.com/psirt/FG-IR-23-015

Vulnerability Database

289,784

CVE-2023-33306