New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access
Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems.
"A buffer underwrite vulnerability in FortiOS and FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests," Fortinet said in an advisory.
Fortinet said it's not aware of any malicious exploitation attempts against the flaw.
The following versions of FortiOS and FortiProxy are impacted by the vulnerability -.
Fixes are available in FortiOS versions 6.2.13, 6.4.12, 7.0.10, 7.2.4, and 7.4.0; FortiOS-6K7K versions 6.2.13, 6.4.12, and 7.0.10; and FortiProxy versions 2.0.12, 7.0.9, and 7.0.9.
The disclosure comes weeks after the network security company issued fixes for 40 vulnerabilities, two of which are rated Critical and impact FortiNAC and FortiWeb products.
News URL
https://thehackernews.com/2023/03/new-critical-flaw-in-fortios-and.html