SOCRadar® Cyber Intelligence Inc. | Critical Unauthenticated RCE Vulnerability in Fortinet Products: CVE-2023-25610
Home

Resources

Blog
Mar 09, 2023
3 Mins Read

Critical Unauthenticated RCE Vulnerability in Fortinet Products: CVE-2023-25610

Fortinet has revealed a critical severity vulnerability, tracked as CVE-2023-25610, in a new advisory. It is a buffer underwrite vulnerability in FortiOS and FortiProxy that occurs when a program attempts to read more data than is available from a memory buffer.

CVE-2023-25610 has a CVSS score of 9.3; an unauthenticated attacker could exploit it to perform remote code execution (RCE) on the vulnerable device or cause a denial-of-service (DoS) on the GUI by sending specially crafted requests.

Affected Fortinet Products

CVE-2023-25610 affects the administrative interface of FortiOS and FortiProxy in the following versions:

  • FortiOS version 7.2.0 – 7.2.3
  • FortiOS version 7.0.0 – 7.0.9
  • FortiOS version 6.4.0 – 6.4.11
  • FortiOS version 6.2.0 – 6.2.12
  • FortiOS 6.0 versions
  • FortiProxy version 7.2.0 – 7.2.2
  • FortiProxy version 7.0.0 – 7.0.8
  • FortiProxy version 2.0.0 – 2.0.11
  • FortiProxy 1.2 versions
  • FortiProxy 1.1 versions

Fortinet’s advisory lists some vulnerable products only affected by denial-of-service (DoS) and notes that all non-listed products that run the affected FortiOS and FortiProxy versions are vulnerable to both remote code execution (RCE) and DoS exploits.

It is recommended that you upgrade your products to the latest version available:

  • FortiOS version 7.4.0 or above
  • FortiOS version 7.2.4 or above
  • FortiOS version 7.0.10 or above
  • FortiOS version 6.4.12 or above
  • FortiOS version 6.2.13 or above
  • FortiProxy version 7.2.3 or above
  • FortiProxy version 7.0.9 or above
  • FortiProxy version 2.0.12 or above
  • FortiOS-6K7K version 7.0.10 or above
  • FortiOS-6K7K version 6.4.12 or above
  • FortiOS-6K7K version 6.2.13 or above 

Fortinet has recommended a workaround for users who are unable to apply the updates. They suggest either disabling the HTTP/HTTPS administrative interface or limiting remote access to specific IP addresses. 

For further information and instructions regarding CVE-2023-25610, you can check Fortinet’s advisory.

Recently, Fortinet fixed two severe vulnerabilities (CVE-2022-39952 and CVE-2021-42756) in FortiNAC and FortiWeb products. Threat actors started utilizing the vulnerabilities just days after the patch when an exploit became publicly available. 

Like the CVE-2023-25610 vulnerability, the CVE-2022-39952 and CVE-2021-42756 vulnerabilities require no authentication. Threat actors highly seek vulnerabilities that do not require authentication and can easily gain initial access to corporate networks by exploiting them; therefore, users of Fortinet products are urged to apply patches immediately.

Monitor Your Perimeter for Critical Vulnerabilities with SOCRadar

SOCRadar offers continuous monitoring of your perimeter from an external perspective to detect critical vulnerabilities that threat actors can exploit. Its scanning engine can alert you when a critical vulnerability is linked to your digital assets, such as web application firewalls, VPN appliances, network services, web applications, JavaScript libraries, software, and CMS applications.