Fortinet has revealed a critical severity vulnerability, tracked as CVE-2023-25610, in a new advisory. It is a buffer underwrite vulnerability in FortiOS and FortiProxy that occurs when a program attempts to read more data than is available from a memory buffer.
CVE-2023-25610 has a CVSS score of 9.3; an unauthenticated attacker could exploit it to perform remote code execution (RCE) on the vulnerable device or cause a denial-of-service (DoS) on the GUI by sending specially crafted requests.
Affected Fortinet Products
CVE-2023-25610 affects the administrative interface of FortiOS and FortiProxy in the following versions:
- FortiOS version 7.2.0 – 7.2.3
- FortiOS version 7.0.0 – 7.0.9
- FortiOS version 6.4.0 – 6.4.11
- FortiOS version 6.2.0 – 6.2.12
- FortiOS 6.0 versions
- FortiProxy version 7.2.0 – 7.2.2
- FortiProxy version 7.0.0 – 7.0.8
- FortiProxy version 2.0.0 – 2.0.11
- FortiProxy 1.2 versions
- FortiProxy 1.1 versions
Fortinet’s advisory lists some vulnerable products only affected by denial-of-service (DoS) and notes that all non-listed products that run the affected FortiOS and FortiProxy versions are vulnerable to both remote code execution (RCE) and DoS exploits.
It is recommended that you upgrade your products to the latest version available:
- FortiOS version 7.4.0 or above
- FortiOS version 7.2.4 or above
- FortiOS version 7.0.10 or above
- FortiOS version 6.4.12 or above
- FortiOS version 6.2.13 or above
- FortiProxy version 7.2.3 or above
- FortiProxy version 7.0.9 or above
- FortiProxy version 2.0.12 or above
- FortiOS-6K7K version 7.0.10 or above
- FortiOS-6K7K version 6.4.12 or above
- FortiOS-6K7K version 6.2.13 or above
Fortinet has recommended a workaround for users who are unable to apply the updates. They suggest either disabling the HTTP/HTTPS administrative interface or limiting remote access to specific IP addresses.
For further information and instructions regarding CVE-2023-25610, you can check Fortinet’s advisory.
Recently, Fortinet fixed two severe vulnerabilities (CVE-2022-39952 and CVE-2021-42756) in FortiNAC and FortiWeb products. Threat actors started utilizing the vulnerabilities just days after the patch when an exploit became publicly available.
Like the CVE-2023-25610 vulnerability, the CVE-2022-39952 and CVE-2021-42756 vulnerabilities require no authentication. Threat actors highly seek vulnerabilities that do not require authentication and can easily gain initial access to corporate networks by exploiting them; therefore, users of Fortinet products are urged to apply patches immediately.
Monitor Your Perimeter for Critical Vulnerabilities with SOCRadar