Security News > 2023 > March > New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access
Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems.
"A buffer underwrite vulnerability in FortiOS and FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests," Fortinet said in an advisory.
Fortinet said it's not aware of any malicious exploitation attempts against the flaw.
The following versions of FortiOS and FortiProxy are impacted by the vulnerability -.
Fixes are available in FortiOS versions 6.2.13, 6.4.12, 7.0.10, 7.2.4, and 7.4.0; FortiOS-6K7K versions 6.2.13, 6.4.12, and 7.0.10; and FortiProxy versions 2.0.12, 7.0.9, and 7.0.9.
The disclosure comes weeks after the network security company issued fixes for 40 vulnerabilities, two of which are rated Critical and impact FortiNAC and FortiWeb products.
News URL
https://thehackernews.com/2023/03/new-critical-flaw-in-fortios-and.html
Related news
- Kimsuky hackers use new custom RDP Wrapper for remote access (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Hackers exploit critical unpatched flaw in Zyxel CPE devices (source)
- Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access (source)