PSIRT Advisories
FortiOS & FortiProxy - Webproxy Denial of Service
Summary:
A use after free vulnerability [CWE-416] in FortiOS & FortiProxy may allow an unauthenticated remote attacker to crash the Web Proxy process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.
Affected Products:
FortiOS version 7.2.0 through 7.2.4
FortiOS version 7.0.0 through 7.0.10
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
Solutions:
Please upgrade to FortiOS version 7.4.0 or above
Please upgrade to FortiOS version 7.2.5 or above
Please upgrade to FortiOS version 7.0.11 or above
Please upgrade to FortiProxy version 7.2.3 or above
Please upgrade to FortiProxy version 7.0.9 or above
FortiSASE is no longer impacted; the issue was remediated in Q2/23.
Acknowledgement:
Internally discovered during Fortinet TAC investigation.
Official Announcement:
FortiOS & FortiProxy - Webproxy process denial of service