Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices (Security News, July 2023)
Fortinet has disclosed a critical severity flaw impacting FortiOS and FortiProxy, allowing a remote attacker to perform arbitrary code execution on vulnerable devices.
"A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection," warns Fortinet in a new advisory.
The Fortinet advisory has clarified that FortiOS products from the 6.0, 6.2, 6.4, 2.x, and 1.x release branches are not impacted by CVE-2023-33308.
Related news
- CISA says critical Fortinet RCE flaw now exploited in attacks
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
- D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers
- Exploit code released for critical Ivanti RCE flaw, patch now
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
- Broadcom fixes critical RCE bug in VMware vCenter Server
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails
- CISA: Network switch RCE flaw impacts critical infrastructure
- Critical Ivanti RCE flaw with public exploit now used in attacks
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK (CVSS) |
|---|---|---|---|
| 2023-07-26 | CVE-2023-33308 | Out-of-bounds Write vulnerability in Fortinet FortiOS and FortiProxy: A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection. | 9.8 |
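The affected-version ranges in the table above are the practical input for patch triage. The following is an added example, not code from the page or from Fortinet: it parses the "version A through B" phrasing of the advisory text into numeric ranges and checks a constructed device inventory against them. The inventory hostnames and versions are made up for illustration; the only real data is the advisory sentence copied from the table. Versions are compared component-wise as integers, because a plain string comparison puts "7.0.10" before "7.0.9" and would misclassify the last vulnerable 7.0 build.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Advisory description, copied verbatim from the vulnerability table on this page.
ADVISORY_TEXT = (
    "A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version "
    "7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 "
    "through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker "
    "to execute arbitrary code or command via crafted packets reaching proxy "
    "policies or firewall policies with proxy mode alongside deep or full packet "
    "inspection."
)

# "7.0.0 through 7.0.10" -> two dotted version strings.
RANGE_RE = re.compile(r"(\d+(?:\.\d+)*)\s+through\s+(\d+(?:\.\d+)*)")
# A product name immediately followed by "version" starts that product's range list.
PRODUCT_RE = re.compile(r"(FortiOS|FortiProxy)\s+version\s+")


def parse_version(text: str) -> Version:
    """Turn '7.0.10' into (7, 0, 10) so each component compares numerically."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def parse_affected_ranges(text: str) -> Dict[str, List[Tuple[Version, Version]]]:
    """Extract {product: [(low, high), ...]} (inclusive bounds) from advisory prose."""
    ranges: Dict[str, List[Tuple[Version, Version]]] = {}
    mentions = list(PRODUCT_RE.finditer(text))
    for i, m in enumerate(mentions):
        # The ranges for this product run until the next product is mentioned.
        end = mentions[i + 1].start() if i + 1 < len(mentions) else len(text)
        segment = text[m.end():end]
        ranges[m.group(1)] = [
            (parse_version(lo), parse_version(hi)) for lo, hi in RANGE_RE.findall(segment)
        ]
    return ranges


AFFECTED = parse_affected_ranges(ADVISORY_TEXT)


def is_affected(product: str, version_str: str,
                ranges: Dict[str, List[Tuple[Version, Version]]] = None) -> bool:
    """True if the given product/version falls inside any advisory range (inclusive)."""
    ranges = AFFECTED if ranges is None else ranges
    v = parse_version(version_str)
    return any(lo <= v <= hi for lo, hi in ranges.get(product, []))


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the hostnames whose (product, version) needs patching for CVE-2023-33308."""
    return [host for host, product, ver in inventory if is_affected(product, ver)]


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.10"),     # last vulnerable 7.0 build
    ("fw-edge-02", "FortiOS", "7.0.11"),     # first fixed 7.0 build
    ("fw-core-01", "FortiOS", "7.2.3"),      # vulnerable
    ("fw-lab-01", "FortiOS", "6.4.12"),      # 6.4 branch is not impacted
    ("px-01", "FortiProxy", "7.0.9"),        # vulnerable
    ("px-02", "FortiProxy", "7.2.4"),        # above the 7.2 range
]

if __name__ == "__main__":
    for product, rs in AFFECTED.items():
        print(product, [(".".join(map(str, lo)), ".".join(map(str, hi))) for lo, hi in rs])
    print("needs patching:", triage(SAMPLE_INVENTORY))
```

Run it and the two affected products print with their parsed ranges, followed by the three sample hosts that fall inside them. To reuse the check against a different advisory, pass a dictionary from `parse_affected_ranges` as the `ranges` argument instead of relying on the module-level `AFFECTED`.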