New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems.
"A buffer underwrite vulnerability in FortiOS and FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests," Fortinet said in an advisory.
Fortinet said it's not aware of any malicious exploitation attempts against the flaw.
The following versions of FortiOS and FortiProxy are impacted by the vulnerability -.
Fixes are available in FortiOS versions 6.2.13, 6.4.12, 7.0.10, 7.2.4, and 7.4.0; FortiOS-6K7K versions 6.2.13, 6.4.12, and 7.0.10; and FortiProxy versions 2.0.12, 7.0.9, and 7.0.9.
The disclosure comes weeks after the network security company issued fixes for 40 vulnerabilities, two of which are rated Critical and impact FortiNAC and FortiWeb products.
News URL
https://thehackernews.com/2023/03/new-critical-flaw-in-fortios-and.html