THREAT LEVEL - HIGH

09-03-2023

New Critical Flaw in FortiOS and FortiProxy

Threat Level Description 

Threat Level: High – An attack is highly likely. Additional and sustainable protective security measures are warranted, reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.


Description 

We have observed that a new critical vulnerability in FortiOS and FortiProxy has been identified.

An attacker, by exploiting this vulnerability, could achieve remote code execution or perform denial of service (DoS) on the vulnerable devices.

This critical vulnerability, tracked as CVE-2023-25610, is a buffer underwrite (‘buffer underflow’) vulnerability in FortiOS and FortiProxy administrative interfaces.

This type of flaw occurs when a program tries to read more data from a memory buffer than is available, resulting in accessing adjacent memory locations, leading to unpredictable behavior, leakage of sensitive data from memory and/or crashes.

A remote unauthenticated attacker, via specifically crafted requests, could exploit this issue and execute arbitrary code and/or perform a DoS attack on the GUI of the affected devices. This could enable the remote attacker to take control of the affected systems.


CVE(s)

CVE-2023-25610


Affected Systems 

  • FortiOS version 7.2.0 through 7.2.3
  • FortiOS version 7.0.0 through 7.0.9
  • FortiOS version 6.4.0 through 6.4.11
  • FortiOS version 6.2.0 through 6.2.12
  • FortiOS 6.0 all versions
  • FortiProxy version 7.2.0 through 7.2.2
  • FortiProxy version 7.0.0 through 7.0.8
  • FortiProxy version 2.0.0 through 2.0.11
  • FortiProxy 1.2 all versions
  • FortiProxy 1.1 all versions


Recommendation(s) 

You should proceed immediately and apply the relevant security patches provided by the vendor and/or update to the latest versions of FortiOS and FortiProxy that are not affected by this vulnerability.
Fixes are available in:

  • FortiOS versions 6.2.13, 6.4.12, 7.0.10, 7.2.4, and 7.4.0
  • FortiOS-6K7K versions 6.2.13, 6.4.12, and 7.0.10
  • FortiProxy versions 2.0.12, 7.0.9, and 7.0.9.

As a workaround until the patch can be applied, administrators of affected devices should either disable the HTTP/HTTPS administrative interface or restrict the IP addresses that are allowed to reach it remotely.
Security updates matter regardless of the size of your organization, and the urgency with which they are applied matters as much as the update itself. Maintain an efficient patch management process, keep security event logging enabled, and monitor those events actively. Protecting the valuable assets of your business and staying compliant with the relevant industry regulations requires a comprehensive approach to risk management, including penetration testing at least annually and after any significant change.


References 

https://thehackernews.com/2023/03/new-critical-flaw-in-fortios-and.html

https://nvd.nist.gov/vuln/detail/CVE-2023-25610

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-unauthenticated-rce-vulnerability/
