Impact
An integer overflow or wraparound flaw (CWE-190) exists in several Fortinet FortiWeb firmware releases. The vulnerability could allow an attacker to trigger a denial of service by causing an internal counter to exceed its bounds, which can corrupt memory or reset processing loops. The description does not state the exploitation method; it is inferred that an attacker would need to send a specially crafted HTTP request, or sequence of requests, to the FortiWeb appliance. The high-level impact remains service disruption.
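The mechanism behind a CWE-190 counter flaw, as an added illustration that is not FortiWeb or OpenCVE code: a running total kept in a fixed-width (here 32-bit unsigned) field silently wraps back toward zero, so a limit check that only looks at the stored value passes even though the true total is far larger. The checked variant is the defensive fix. All names, the 32-bit width and the sample chunk lengths are constructed for this example.

```python
# Added example: fixed-width counter wraparound versus a checked increment.
# Models C unsigned 32-bit arithmetic explicitly, since Python ints do not wrap.
from typing import Callable, Iterable

MAX_U32 = 0xFFFFFFFF  # largest value a 32-bit unsigned counter can hold


def wrapping_add_u32(total: int, delta: int) -> int:
    """Unchecked 32-bit unsigned addition: the result silently wraps past 2**32 - 1."""
    return (total + delta) & MAX_U32


def checked_add_u32(total: int, delta: int) -> int:
    """Same addition, but refuses to wrap instead of returning a bogus small value."""
    if total < 0 or delta < 0:
        raise ValueError("operands must be non-negative")
    result = total + delta
    if result > MAX_U32:
        raise OverflowError(f"{total:#x} + {delta:#x} exceeds the 32-bit range")
    return result


def accumulate(lengths: Iterable[int], adder: Callable[[int, int], int]) -> int:
    """Sum declared chunk lengths into a running 32-bit total with the given adder."""
    total = 0
    for n in lengths:
        total = adder(total, n)
    return total


def fits_in_buffer(total: int, buffer_size: int) -> bool:
    """The kind of limit check a processing loop performs on the stored counter."""
    return total <= buffer_size


# Constructed input: two declared lengths whose true sum is 2**32 + 16.
SAMPLE_LENGTHS = [0xFFFFFFF0, 0x20]
BUFFER_SIZE = 4096  # constructed limit for the check above


def compare(lengths=SAMPLE_LENGTHS, buffer_size=BUFFER_SIZE):
    """Return (wrapped_total, wrapped_passes_check, checked_outcome) for the input.

    With wrapping arithmetic the total collapses to 16 and passes a 4096-byte
    limit; with checked arithmetic the overflow is reported and nothing passes.
    """
    wrapped = accumulate(lengths, wrapping_add_u32)
    try:
        accumulate(lengths, checked_add_u32)
        checked_outcome = "accepted"
    except OverflowError:
        checked_outcome = "rejected"
    return wrapped, fits_in_buffer(wrapped, buffer_size), checked_outcome


if __name__ == "__main__":
    print(compare())  # (16, True, 'rejected')
```

The point for a reviewer or detection engineer is the middle value: the wrapped counter is not merely wrong, it is wrong in the direction that makes a bounds check succeed, which is why checked arithmetic (or a width wide enough that the sum cannot reach the limit) is the only reliable fix.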
Affected Systems
The affected product is Fortinet FortiWeb, on appliances running firmware versions 8.0.0 through 8.0.3, 7.6.0 through 7.6.6, all published 7.4 releases, all 7.2 releases, and all 7.0 releases. The recommended mitigation is to upgrade to FortiWeb 8.0.4 or newer, or to 7.6.7 or newer when operating on a 7.x branch. For older branches, apply the latest patch release available from Fortinet.
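A small inventory check for the version ranges above, as an added example that is not OpenCVE's or Fortinet's code. It encodes exactly the affected ranges and fixed versions stated in this advisory; the function names, the three-part version parsing and the sample version strings are assumptions made here.

```python
# Added example: classify a FortiWeb firmware version string against the
# affected ranges and recommended fixes stated in the advisory.
from typing import Optional, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple; missing parts default to 0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # type: ignore[return-value]


# Inclusive ranges from the advisory. An upper bound of None means every
# release of that major.minor branch is affected.
AFFECTED_RANGES: list[Tuple[Version, Optional[Version]]] = [
    ((8, 0, 0), (8, 0, 3)),
    ((7, 6, 0), (7, 6, 6)),
    ((7, 4, 0), None),
    ((7, 2, 0), None),
    ((7, 0, 0), None),
]


def is_affected(text: str) -> bool:
    """True when the version falls inside one of the advisory's affected ranges."""
    v = parse_version(text)
    for low, high in AFFECTED_RANGES:
        if high is None:
            if v[:2] == low[:2]:
                return True
        elif low <= v <= high:
            return True
    return False


def recommended_action(text: str) -> str:
    """Map a version to the advisory's upgrade guidance."""
    v = parse_version(text)
    if not is_affected(text):
        return "not affected"
    if v[0] == 8:
        return "upgrade to 8.0.4 or newer"
    if v[:2] == (7, 6):
        return "upgrade to 7.6.7 or newer"
    return "upgrade to 7.6.7 or newer, or apply the latest patch release for the branch"


def triage(versions):
    """Return {version: action} for a list of version strings, e.g. from an asset inventory."""
    return {v: recommended_action(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real appliance data.
    for version, action in triage(["8.0.3", "8.0.4", "7.6.6", "7.6.7", "7.4.5", "7.0.1", "6.4.2"]).items():
        print(f"{version:8} {action}")
```

Tuple comparison handles patch numbers above 9 correctly ("8.0.10" sorts after "8.0.3"), which a string comparison would not; that is the usual pitfall in ad hoc version checks.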
Risk and Exploitability
The CVSS score of 4.4 indicates moderate severity, reflecting that this flaw primarily causes service disruption without granting the attacker remote code execution. No EPSS score is available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Nonetheless, the flaw could be leveraged by attackers who can reach the FortiWeb appliance over the network, and its exploitability is likely low to moderate: while exploitation may not be widespread, it is still significant for environments running the affected firmware.
OpenCVE Enrichment