Security News > 2023 > March > Fortinet plugs critical RCE hole in FortiOS, FortiProxy (CVE-2023-25610)

Fortinet plugs critical RCE hole in FortiOS, FortiProxy (CVE-2023-25610)
2023-03-09 11:11

Fortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy.

Discovered by Fortinet infosec engineer Kai Ni, CVE-2023-25610 is a buffer underwrite vulnerability found in the FortiOS and FortiProxy administrative interface.

Some hardware devices running a vulnerable FortiOS version are only impacted by the the DoS part of the issue, and those are listed in the security advisory.

FortiOS version 7.4.0 or above, 7.2.4 or above, 7.0.10 or above, 6.4.12 or above, or 6.2.13 or above.

FortiProxy version 7.2.3 or above, 7.0.9 or above, or 2.0.12 or above.

FortiOS-6K7K version 7.0.10 or above, 6.4.12 or above, or 6.2.13 or above.


News URL

https://www.helpnetsecurity.com/2023/03/09/cve-2023-25610/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 76 15 312 265 80 672