New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access
Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems.
"A buffer underwrite vulnerability in FortiOS and FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests," Fortinet said in an advisory.
Fortinet said it's not aware of any malicious exploitation attempts against the flaw.
The following versions of FortiOS and FortiProxy are impacted by the vulnerability -.
Fixes are available in FortiOS versions 6.2.13, 6.4.12, 7.0.10, 7.2.4, and 7.4.0; FortiOS-6K7K versions 6.2.13, 6.4.12, and 7.0.10; and FortiProxy versions 2.0.12, 7.0.9, and 7.0.9.
The disclosure comes weeks after the network security company issued fixes for 40 vulnerabilities, two of which are rated Critical and impact FortiNAC and FortiWeb products.
News URL
https://thehackernews.com/2023/03/new-critical-flaw-in-fortios-and.html