Security News > 2023 > March > Fortinet plugs critical RCE hole in FortiOS, FortiProxy (CVE-2023-25610)
Fortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy.
Discovered by Fortinet infosec engineer Kai Ni, CVE-2023-25610 is a buffer underwrite vulnerability found in the FortiOS and FortiProxy administrative interface.
Some hardware devices running a vulnerable FortiOS version are only impacted by the the DoS part of the issue, and those are listed in the security advisory.
FortiOS version 7.4.0 or above, 7.2.4 or above, 7.0.10 or above, 6.4.12 or above, or 6.2.13 or above.
FortiProxy version 7.2.3 or above, 7.0.9 or above, or 2.0.12 or above.
FortiOS-6K7K version 7.0.10 or above, 6.4.12 or above, or 6.2.13 or above.
News URL
https://www.helpnetsecurity.com/2023/03/09/cve-2023-25610/
Related news
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)