Published on 09 Mar 2023 | Updated on 09 Mar 2023
Fortinet has released security updates addressing a critical vulnerability (CVE-2023-25610) in their FortiOS and FortiProxy products.
Successful exploitation of the buffer underflow vulnerability in the administrative interface of either FortiOS or FortiProxy could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service (DoS) against the graphical user interface (GUI) of the affected products using specially crafted requests.
The following versions of FortiOS and FortiProxy are affected:
Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.
If users and administrators are unable to upgrade their FortiOS versions immediately, they are advised to implement a workaround by disabling the HTTP/HTTPS administrative interface or by limiting the IP addresses that can reach the administrative interface. More information on the workaround steps can be found in Fortinet's security advisory here.
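The two workarounds described above, written out as FortiOS CLI configuration. This is an added example and not part of the advisory or Fortinet's own text; the interface name `port1`, the admin account `admin` and the address range `10.0.0.0/24` are assumed placeholders and must be replaced with the values that apply to your deployment.

```text
# Option 1: disable the HTTP/HTTPS administrative interface on the
# management-facing interface (assumed here to be port1) by removing
# http and https from allowaccess. Keep only the services you need.
config system interface
    edit "port1"
        set allowaccess ping ssh snmp
    next
end

# Option 2: keep the web GUI but restrict the source IP addresses that
# may reach it.
#
# 2a: per-administrator trusted hosts (assumed management subnet).
config system admin
    edit "admin"
        set trusthost1 10.0.0.0/24 255.255.255.0
    next
end

# 2b: local-in policy that accepts HTTP/HTTPS only from the allowed
# subnet; requests from any other source are rejected by the final
# deny rule. The address object name is an assumed placeholder.
config firewall address
    edit "mgmt_allowed_addresses"
        set subnet 10.0.0.0 255.255.255.0
    next
end

config firewall local-in-policy
    edit 1
        set intf "port1"
        set srcaddr "mgmt_allowed_addresses"
        set dstaddr "all"
        set action accept
        set service HTTPS HTTP
        set schedule always
        set status enable
    next
    edit 2
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service HTTPS HTTP
        set schedule always
        set status enable
    next
end
```

Apply the option that fits the environment: option 1 removes the attack surface entirely but also removes GUI management on that interface, so SSH or console access must remain available; option 2 keeps the GUI reachable only from the management subnet. These are interim measures only; after upgrading, confirm the running build with `get system status` and verify that the patched version is reported.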