Project Hyphae
Search

No Gateway to Heaven: Critical Fortinet RCE Vulnerability

Share This Post

CVE-2023-25610

CVSSv3: 9.3

Fortinet has released a critical patch that remediates a newly discovered remote code execution (RCE) vulnerability. This vulnerability has been observed within the FortiOS Operating system and FortiProxy secure Web Gateway systems. Based on the information Fortinet has released, it appears the vulnerability is related to a heap buffer underflow in the administrative interface, that allows an unauthenticated user/ attacker to execute arbitrary code and or to perform a denial of service (DoS) attack on the graphical user interface (GUI).

This vulnerability has been release just 2 weeks after CVE-2022-39952 was announced for an unauthenticated RCE of FortiNAC devices.

Fortinet is not aware of any any exploitations in the wild, however Fortinet is encouraging organizations to remediate as soon as possible.

Affected Products

FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.12
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions

Even when running a vulnerable FortiOS version, the hardware devices listed below are *only* impacted by the DoS part of the issue, *not* by the arbitrary code execution (non-listed devices are vulnerable to both): 

FortiGateRugged-100C
FortiGate-100D
FortiGate-200C
FortiGate-200D
FortiGate-300C
FortiGate-3600A
FortiGate-5001FA2
FortiGate-5002FB2
FortiGate-60D
FortiGate-620B
FortiGate-621B
FortiGate-60D-POE
FortiWiFi-60D
FortiWiFi-60D-POE
FortiGate-300C-Gen2
FortiGate-300C-DC-Gen2
FortiGate-300C-LENC-Gen2
FortiWiFi-60D-3G4G-VZW
FortiGate-60DH
FortiWiFi-60DH
FortiGateRugged-60D
FortiGate-VM01-Hyper-V
FortiGate-VM01-KVM
FortiWiFi-60D-I
FortiGate-60D-Gen2
FortiWiFi-60D-J
FortiGate-60D-3G4G-VZW
FortiWifi-60D-Gen2
FortiWifi-60D-Gen2-J
FortiWiFi-60D-T
FortiGateRugged-90D
FortiWifi-60D-Gen2-U
FortiGate-50E
FortiWiFi-50E
FortiGate-51E
FortiWiFi-51E
FortiWiFi-50E-2R
FortiGate-52E
FortiGate-40F
FortiWiFi-40F
FortiGate-40F-3G4G
FortiWiFi-40F-3G4G
FortiGate-40F-3G4G-NA
FortiGate-40F-3G4G-EA
FortiGate-40F-3G4G-JP
FortiWiFi-40F-3G4G-NA
FortiWiFi-40F-3G4G-EA
FortiWiFi-40F-3G4G-JP
FortiGate-40F-Gen2
FortiWiFi-40F-Gen2

Solutions

Please upgrade to FortiOS version 7.4.0 or above
Please upgrade to FortiOS version 7.2.4 or above
Please upgrade to FortiOS version 7.0.10 or above
Please upgrade to FortiOS version 6.4.12 or above
Please upgrade to FortiOS version 6.2.13 or above
Please upgrade to FortiProxy version 7.2.3 or above
Please upgrade to FortiProxy version 7.0.9 or above
Please upgrade to FortiOS-6K7K version 7.0.10 or above
Please upgrade to FortiOS-6K7K version 6.4.12 or above
Please upgrade to FortiOS-6K7K version 6.2.13 or above

For more information please visit:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25610

https://www.fortiguard.com/psirt/FG-IR-23-001

https://www.darkreading.com/application-security/critical-rce-bug-fortinet-secure-web-gateway-takeover

https://www.bleepingcomputer.com/news/security/hackers-now-exploit-critical-fortinet-bug-to-backdoor-servers/



Reach out to our incident response team for help

More To Explore

Information Security News 2-26-2024

United Health Confirms Optum Hack Behind US Healthcare Billing Outage Article Link: https://www.bleepingcomputer.com/news/security/unitedhealth-confirms-optum-hack-behind-us-healthcare-billing-outage/ Privacy Beats Ransomware as Top Insurance Concern for Some Article Link: https://www.darkreading.com/data-privacy/privacy-ransomware-top-2024-cyber-insurance

Information Security News 2-19-2024

U.S. Internet Leaked Years of Internal, Customer Emails Article Link: https://krebsonsecurity.com/2024/02/u-s-internet-leaked-years-of-internal-customer-emails/ Prudential Files Voluntary Breach Notice With SEC Article Link: https://www.darkreading.com/cybersecurity-operations/prudential-files-voluntary-breach-notice-sec U.S. State Government Network

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.