
Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices
2023-07-12 14:40

Fortinet has disclosed a critical-severity flaw impacting FortiOS and FortiProxy that allows a remote attacker to execute arbitrary code on vulnerable devices.

"A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection," warns Fortinet in a new advisory.

The Fortinet advisory has clarified that FortiOS products from the 6.0, 6.2, 6.4, 2.x, and 1.x release branches are not impacted by CVE-2023-33308.



News URL

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-flaw-in-fortios-fortiproxy-devices/

Related Vulnerability

DATE: 2023-07-26
CVE: CVE-2023-33308
VULNERABILITY TITLE: Out-of-bounds Write vulnerability in Fortinet FortiOS and FortiProxy
RISK: critical (9.8)
ATTACK VECTOR: network, low complexity
VENDOR: fortinet
WEAKNESS: CWE-787

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection.

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 77 15 314 277 81 687