New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access
Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems.
"A buffer underwrite vulnerability in FortiOS and FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests," Fortinet said in an advisory.
Fortinet said it's not aware of any malicious exploitation attempts against the flaw.
The following versions of FortiOS and FortiProxy are impacted by the vulnerability -.
Fixes are available in FortiOS versions 6.2.13, 6.4.12, 7.0.10, 7.2.4, and 7.4.0; FortiOS-6K7K versions 6.2.13, 6.4.12, and 7.0.10; and FortiProxy versions 2.0.12, 7.0.9, and 7.0.9.
The disclosure comes weeks after the network security company issued fixes for 40 vulnerabilities, two of which are rated Critical and impact FortiNAC and FortiWeb products.
News URL
https://thehackernews.com/2023/03/new-critical-flaw-in-fortios-and.html