June 19, 2023
Severity
Medium
Analysis Summary
CVE-2023-33306 CVSS:6.5
Fortinet FortiOS and FortiProxy are vulnerable to a denial of service caused by a NULL pointer dereference in the sslvpn service. By sending a specially crafted request using the bookmark parameter, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-33307 CVSS:6.5
Fortinet FortiOS and FortiProxy are vulnerable to a denial of service caused by a NULL pointer dereference in the sslvpn service. By sending a specially crafted request using the network parameter, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-33306
- CVE-2023-33307
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiOS 7.0.0
- Fortinet FortiProxy 7.0.0
- Fortinet FortiOS 7.2.0
- Fortinet FortiProxy 7.2.0
- Fortinet FortiProxy 7.0.8
- Fortinet FortiProxy 7.2.2
- Fortinet FortiOS 7.2.4
- Fortinet FortiOS 7.0.10
Remediation
Refer to the FortiGuard Advisory for patch, upgrade, or suggested workaround information.