Fortinet addressed a critical heap buffer underflow vulnerability affecting FortiOS and FortiProxy, which can lead to arbitrary code execution.
Fortinet addressed a critical buffer underwrite (‘buffer underflow’) vulnerability, tracked as CVE-2023-25610 (CVSS v3 9.3), that resides in the administrative interface in FortiOS and FortiProxy. A remote, unauthenticated attacker can exploit the vulnerability to execute arbitrary code on the vulnerable device and trigger a DoS condition on the GUI, by sending specifically crafted requests.
The vulnerability affects the following products:
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0, all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.11
FortiProxy 1.2, all versions
FortiProxy 1.1, all versions
The security vendor released the following updates to address the issue:
FortiOS version 7.4.0 or above
FortiOS version 7.2.4 or above
FortiOS version 7.0.10 or above
FortiOS version 6.4.12 or above
FortiOS version 6.2.13 or above
FortiProxy version 7.2.3 or above
FortiProxy version 7.0.9 or above
FortiProxy version 2.0.12 or above
FortiOS-6K7K version 7.0.10 or above
FortiOS-6K7K version 6.4.12 or above
FortiOS-6K7K version 6.2.13 or above
The company announced that it is not aware of attacks in the wild exploiting this vulnerability.
The advisory includes a list of models for which the flaw’s exploitation can only trigger a DoS condition.
Fortinet also provides a workaround for the flaw, the company recommends disabling the HTTP/HTTPS administrative interface or limiting the IP addresses that can reach the administrative interface.
The security vendor acknowledged Kai Ni from the Burnaby InfoSec team for reporting the flaw.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, FortiOS)
The post A critical flaw affects Fortinet FortiOS and FortiProxy, patch it now! appeared first on Security Affairs.