Intrusion PreventionFortiOS.SSL.VPN.CVE-2023-36641.Memory.Corruption
Description
This indicates an attack attempt to exploit a Denial of Service Vulnerability in FortiOS and FortiProxy.
A null pointer dereference in FortiOS and FortiProxy SSL VPN may allow an authenticated attacker to perform a DoS attack on the device via specifically crafted HTTP requests.
Affected Products
FortiOS 7.4.0
FortiOS 7.2.0 through 7.2.5
FortiOS 7.0.0 through 7.0.12
FortiOS 6.4 all versions
FortiOS 6.2 all versions
FortiOS 6.0 all versions
FortiProxy 7.2.0 through 7.2.4
FortiProxy 7.0.0 through 7.0.10
FortiProxy 2.0 all versions
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
FortiProxy 1.0 all versions
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.fortiguard.com/psirt/FG-IR-23-151
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2024-01-09 | 26.711 |
Modified
|
Name:FortiOS. SSL. VPN. CVE-2023-36641. Null. Pointer. Dereference. DoS:FortiOS. SSL. VPN. CVE-2023-36641. Memory. Corruption |
| 2024-01-09 | 26.710 |
Modified
|
Name:FG-VD-53481. 0day:FortiOS. SSL. VPN. CVE-2023-36641. Null. Pointer. Dereference. DoS |
| 2023-08-29 | 25.629 |
Modified
|
Default_action:pass:drop |
| 2023-08-21 | 25.624 |
New
|
| ID | 53481 |
| Created | Aug 21, 2023 |
| Updated | Jan 09, 2024 |
| CVE ID | |
| Risk |
|
| Exploit Prediction Score | 0.47% |
| Default Action | drop |
| Active | |
| Affected OS | Linux |
| Affected App | Other |
| Profile Type | Buffer Errors |