FortiOS & FortiProxy - DOS in headers management

Summary

A null pointer dereference [CWE-476] in FortiOS and FortiProxy SSL VPN may allow an authenticated attacker to perform a DoS attack on the device via specifically crafted HTTP requests.

Version Affected Solution
FortiOS 7.4 7.4.0 Upgrade to 7.4.1 or above
FortiOS 7.2 7.2.0 through 7.2.5 Upgrade to 7.2.6 or above
FortiOS 7.0 7.0.0 through 7.0.12 Upgrade to 7.0.13 or above
FortiOS 6.4 6.4 all versions Migrate to a fixed release
FortiOS 6.2 6.2 all versions Migrate to a fixed release
FortiOS 6.0 6.0 all versions Migrate to a fixed release
FortiProxy 7.2 7.2.0 through 7.2.4 Upgrade to 7.2.5 or above
FortiProxy 7.0 7.0.0 through 7.0.10 Upgrade to 7.0.11 or above
FortiProxy 2.0 2.0 all versions Migrate to a fixed release
FortiProxy 1.2 1.2 all versions Migrate to a fixed release
FortiProxy 1.1 1.1 all versions Migrate to a fixed release
FortiProxy 1.0 1.0 all versions Migrate to a fixed release
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

Virtual Patch named "FortiOS.SSL.VPN.Proxy.Debug.Information.DoS." is available in FMWP db update 23.082

Acknowledgement

Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team in the frame of an internal audit of the SSL-VPN component.

Timeline

2023-11-09: Initial publication
2023-11-14: Added IPS package info
2024-01-10: virtual patch renamed "FortiOS.SSL.VPN.CVE-2023-36641.Memory.Corruption"