Fortinet plugs critical RCE hole in FortiOS, FortiProxy (CVE-2023-25610)

2023-03-09 11:11

Fortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy.

Discovered by Fortinet infosec engineer Kai Ni, CVE-2023-25610 is a buffer underwrite vulnerability found in the FortiOS and FortiProxy administrative interface.

Some hardware devices running a vulnerable FortiOS version are only impacted by the the DoS part of the issue, and those are listed in the security advisory.

FortiOS version 7.4.0 or above, 7.2.4 or above, 7.0.10 or above, 6.4.12 or above, or 6.2.13 or above.

FortiProxy version 7.2.3 or above, 7.0.9 or above, or 2.0.12 or above.

FortiOS-6K7K version 7.0.10 or above, 6.4.12 or above, or 6.2.13 or above.

News URL

https://www.helpnetsecurity.com/2023/03/09/cve-2023-25610/

#RCE #fortinet #fortiproxy #fortios #critical #CVE-2023-25610

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-24	CVE-2023-25610	A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. CWE-124	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Fortinet		80	20	349	308	94	771

News URL

Related news

Related Vulnerability

Related vendor