Security News

Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices
2023-07-12 14:40

Fortinet has disclosed a critical severity flaw impacting FortiOS and FortiProxy, allowing a remote attacker to perform arbitrary code execution on vulnerable devices. "A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection," warns Fortinet in a new advisory.

Critical FortiOS and FortiProxy Vulnerability Likely Exploited - Patch Now!
2023-06-13 04:21

Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability, tracked as CVE-2023-27997, concerns a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN that could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

Fortinet plugs critical RCE hole in FortiOS, FortiProxy (CVE-2023-25610)
2023-03-09 11:11

Fortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy. Discovered by Fortinet infosec engineer Kai Ni, CVE-2023-25610 is a buffer underwrite vulnerability found in the FortiOS and FortiProxy administrative interface.

New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access
2023-03-09 05:23

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. "A buffer underwrite vulnerability in FortiOS and FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests," Fortinet said in an advisory.