Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution


Fortinet on Tuesday announced security updates that address a critical-severity vulnerability in FortiOS and FortiProxy that could be exploited for remote code execution (RCE).

Tracked as CVE-2023-33308 (CVSS score of 9.8), the bug is described as a stack-based overflow issue impacting the deep inspection function in proxy mode.

“A stack-based overflow vulnerability in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection,” Fortinet explains in an advisory.

Because the issue only occurs if deep inspection is enabled on proxy policies or firewall policies with proxy mode, disabling the function prevents exploitation, the cybersecurity firm explains.

The vulnerability impacts FortiOS and FortiProxy versions 7.2.x and 7.0.x and was resolved in FortiOS versions 7.4.0, 7.2.4, and 7.0.11, and FortiProxy versions 7.2.3 and 7.0.10.

Fortinet noted that the bug was addressed in a previous release, without an advisory.

On Tuesday, the company also announced patches for a medium-severity FortiOS vulnerability that could allow an attacker to reuse a deleted user’s session.

Advertisement. Scroll to continue reading.

Tracked as CVE-2023-28001, the flaw exists because an “existing websocket connection persists after deleting API admin”.

“An insufficient session expiration vulnerability in FortiOS REST API may allow an attacker to reuse the session of a deleted user, should the attacker manage to obtain the API token,” Fortinet explains.

The vulnerability impacts FortiOS versions 7.2.x and 7.0.x and was addressed in FortiOS version 7.4.0.

Fortinet users are advised to apply the patches as soon as possible. Unpatched Fortinet products are known to have been exploited in malicious attacks.

Related: Fortinet Patches Critical RCE Vulnerability in FortiNAC

Related: Fortinet Patches Critical FortiGate SSL VPN Vulnerability

Related: Fortinet Patches Critical Vulnerability in Data Analytics Solution



Source link