{"api_version":"1","generated_at":"2026-04-23T06:21:05+00:00","cve":"CVE-2023-33307","urls":{"html":"https://cve.report/CVE-2023-33307","api":"https://cve.report/api/cve/CVE-2023-33307.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-33307","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-33307"},"summary":{"title":"CVE-2023-33307","description":"A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter.","state":"PUBLIC","assigner":"psirt@fortinet.com","published_at":"2023-06-16 10:15:00","updated_at":"2023-11-07 04:14:00"},"problem_types":["CWE-476"],"metrics":[],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-23-015","name":"https://fortiguard.com/psirt/FG-IR-23-015","refsource":"MISC","tags":[],"title":"PSIRT Advisories | FortiGuard","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/258201","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/258201","refsource":"MISC","tags":["Third Party Advisory"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-33307","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33307","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"33307","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fortinet","cpe5":"fortios","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"33307","vulnerable":"1","versionEndIncluding":"7.0.9","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortiproxy","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"33307","vulnerable":"1","versionEndIncluding":"7.2.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortiproxy","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-33307","ASSIGNER":"psirt@fortinet.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Denial of service","cweId":"CWE-476"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Fortinet","product":{"product_data":[{"product_name":"FortiOS","version":{"version_data":[{"version_affected":"<=","version_name":"7.2.0","version_value":"7.2.4"},{"version_affected":"<=","version_name":"7.0.0","version_value":"7.0.10"}]}},{"product_name":"FortiProxy","version":{"version_data":[{"version_affected":"<=","version_name":"7.2.0","version_value":"7.2.2"},{"version_affected":"<=","version_name":"7.0.0","version_value":"7.0.8"}]}}]}}]}},"references":{"reference_data":[{"url":"https://fortiguard.com/psirt/FG-IR-23-015","refsource":"MISC","name":"https://fortiguard.com/psirt/FG-IR-23-015"}]},"solution":[{"lang":"en","value":"Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.5 or above\r\nPlease upgrade to FortiOS version 7.0.11 or above\r\nPlease upgrade to FortiOS version 6.4.13 or above\r\nPlease upgrade to FortiProxy version 7.2.4 or above\r\nPlease upgrade to FortiProxy version 7.2.3 or above\r\nPlease upgrade to FortiProxy version 7.0.9 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above"}],"impact":{"cvss":[{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.4,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:X/RC:C"}]}},"nvd":{"publishedDate":"2023-06-16 10:15:00","lastModifiedDate":"2023-11-07 04:14:00","problem_types":["CWE-476"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.11","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}