
FortiOS and FortiProxy Heap Buffer Underflow Vulnerability in Administrative Interface


Summary

Vulnerability CVE-2023-25610 could allow an unauthenticated, remote attacker to execute arbitrary code or achieve a denial-of-service on the GUI, via specifically crafted requests.


Threat details

Introduction

Fortinet has released a security advisory to address CVE-2023-25610, a heap-based buffer underflow vulnerability in FortiOS and FortiProxy with a CVSSv3 score of 9.3. An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code or perform a denial-of-service (DoS) on the GUI via specifically crafted requests. 


Remediation advice

Affected organisations are encouraged to review Fortinet's Security Advisory and apply the relevant updates.


Definitive source of threat updates


Last edited: 9 March 2023 5:14 pm