CVE-2023-33306 — NULL Pointer Dereference in Fortinet Fortios

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 53.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy

Timeline

PublishedJun 16

Description

A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDfortinet/fortios6.4.0 — 6.4.13+2

▶NVDfortinet/fortiproxy7.0.0 — 7.0.10+1

▶CVEListV5fortinet/fortios7.2.0 — 7.2.4+2

▶CVEListV5fortinet/fortiproxy7.2.0 — 7.2.3+1

🔴Vulnerability Details

CVEList

CVE-2023-33306: A null pointer dereference in Fortinet FortiOS before 7↗2023-06-16

▶

GHSA

GHSA-7v3x-c3w3-h992: A null pointer dereference in Fortinet FortiOS before 7↗2023-06-16

▶

📋Vendor Advisories

Fortinet

Authenticated user null pointer dereference in SSL-VPN↗2023-06-16

▶