CVE-2023-33305 — Infinite Loop in Fortinet Fortios

CWE-835 — Infinite Loop4 documents4 sources

Severity

6.5MEDIUMNVD

CNA4.9

EPSS

0.2%

top 55.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy Fortinet Fortiweb

Timeline

PublishedJun 13

Description

A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiW…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5fortinet/fortiproxy7.2.0 — 7.2.3+5

▶NVDfortinet/fortiproxy1.0.0 — 1.0.7+5

▶CVEListV5fortinet/fortios7.2.0 — 7.2.4+8

▶NVDfortinet/fortios5.0.0 — 5.0.14+8

▶CVEListV5fortinet/fortiweb7.2.0 — 7.2.1+3

🔴Vulnerability Details

CVEList

CVE-2023-33305: A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7↗2023-06-13

▶

GHSA

GHSA-vrv2-gjv8-mw36: A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7↗2023-06-13

▶

📋Vendor Advisories

Fortinet

DoS in firmware upgrade function↗2023-06-13

▶