March 9, 2023 | Rabbi Lakshmanan | Network Security / Firewall

Fortinet has released fixes addressing 15 security flaws, including one critical vulnerability affecting FortiOS and FortiProxy that could allow an attacker to take control of affected systems.

The issue is tracked as CVE-2023-25610, which has a severity rating of 9.3 out of 10 and was discovered and reported internally by the company's security team.

"A buffer underwrite ('buffer underflow') vulnerability in the FortiOS and FortiProxy management interface could allow a remote, unauthenticated attacker to execute arbitrary code on the device via specially crafted requests, or perform a DoS on the GUI," Fortinet said in an advisory.

Underflow bugs, also called buffer underruns, occur when the input data is shorter than the reserved space, causing unexpected behavior and exposing sensitive data from memory.

Other possible consequences include memory corruption, which can be weaponized to induce crashes or execute arbitrary code.

Fortinet said it was not aware of any malicious exploitation attempts for this flaw. Even so, prompt action is essential.

The following versions of FortiOS and FortiProxy are affected –

  • FortiOS versions 7.2.0 through 7.2.3
  • FortiOS versions 7.0.0 through 7.0.9
  • FortiOS versions 6.4.0 through 6.4.11
  • FortiOS versions 6.2.0 through 6.2.12
  • FortiOS 6.0, all versions
  • FortiProxy versions 7.2.0 through 7.2.2
  • FortiProxy versions 7.0.0 through 7.0.8
  • FortiProxy versions 2.0.0 through 2.0.11
  • FortiProxy 1.2, all versions
  • FortiProxy 1.1, all versions

Fixes are available in FortiOS versions 6.2.13, 6.4.12, 7.0.10, 7.2.4, and 7.4.0; FortiOS-6K7K versions 6.2.13, 6.4.12, and 7.0.10; and FortiProxy versions 2.0.12, 7.0.9, and 7.0.9.
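To triage a device inventory against the affected ranges and fixed releases listed above, a checker along these lines can help. It is an added example, not code from Fortinet or the original article; the function names and the sample inventory are hypothetical. Versions are compared as integers because a plain string comparison would rank 7.0.10 below 7.0.9.

```python
import re

# Last affected patch level per (product, branch), from the article's list.
# Every listed range starts at x.y.0; None means all releases on the branch.
AFFECTED = {
    ("FortiOS", (7, 2)): 3, ("FortiOS", (7, 0)): 9, ("FortiOS", (6, 4)): 11,
    ("FortiOS", (6, 2)): 12, ("FortiOS", (6, 0)): None,
    ("FortiProxy", (7, 2)): 2, ("FortiProxy", (7, 0)): 8,
    ("FortiProxy", (2, 0)): 11, ("FortiProxy", (1, 2)): None,
    ("FortiProxy", (1, 1)): None,
}
# Fixed release on the same branch, where the article names one.
FIXED = {
    ("FortiOS", (7, 2)): "7.2.4", ("FortiOS", (7, 0)): "7.0.10",
    ("FortiOS", (6, 4)): "6.4.12", ("FortiOS", (6, 2)): "6.2.13",
    ("FortiProxy", (7, 0)): "7.0.9", ("FortiProxy", (2, 0)): "2.0.12",
}
VERSION_RE = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract (major, minor, patch) as integers from e.g. 'v7.0.9'."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(product, version_text):
    """Return (status, same-branch fixed release or None)."""
    major, minor, patch = parse_version(version_text)
    key = (product, (major, minor))
    if key not in AFFECTED:
        return ("not_listed", None)  # branch absent from the article's list
    last_affected = AFFECTED[key]
    if last_affected is None or patch <= last_affected:
        return ("affected", FIXED.get(key))
    return ("not_affected", None)


# Constructed sample inventory (hypothetical hosts, not real devices).
INVENTORY = [
    ("edge-fw-01", "FortiOS", "v7.0.9"), ("edge-fw-02", "FortiOS", "7.0.10"),
    ("branch-fw-07", "FortiOS", "6.0.16"), ("proxy-01", "FortiProxy", "7.2.2"),
]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        status, fix = triage(product, version)
        print(f"{host:13} {product:10} {version:8} {status:12} fix={fix}")
```

A fix of `None` on an affected device means the article names no fixed release on that branch, so the device has to move to a branch that has one.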


As a workaround, Fortinet advises users to disable the HTTP/HTTPS management interface or limit the IP addresses that can access it.

The disclosure comes several weeks after the network security firm issued fixes for 40 vulnerabilities. Two of them are rated Critical and affect the FortiNAC (CVE-2022-39952) and FortiWeb (CVE-2021-42756) products.
