Published: March 09, 2023

Overview

A critical vulnerability (CVE-2023-25610) in FortiOS and FortiProxy allows an attacker to execute arbitrary code (Remote Code Execution, RCE) on, or cause a Denial of Service (DoS) against, a targeted device.

FortiOS is the operating system and software used in Fortinet devices.

Impact

The vulnerability is a buffer underflow, where the program reads more data from a memory region than it actually holds, leading to unintended behaviour. An unauthenticated attacker can achieve Remote Code Execution or a Denial of Service (DoS) by sending specially crafted requests to the administrative GUI.

Applicable Versions

Fortinet lists specific hardware models in https://www.fortiguard.com/psirt/FG-IR-23-001 that are exposed only to DoS, not RCE, regardless of the FortiOS version they run.

This vulnerability affects the following Fortinet products:

  • FortiOS version 7.2.0 through 7.2.3 
  • FortiOS version 7.0.0 through 7.0.9 
  • FortiOS version 6.4.0 through 6.4.11 
  • FortiOS version 6.2.0 through 6.2.12 
  • FortiOS 6.0, all versions 
  • FortiProxy version 7.2.0 through 7.2.2 
  • FortiProxy version 7.0.0 through 7.0.8 
  • FortiProxy version 2.0.0 through 2.0.11 
  • FortiProxy 1.2, all versions 
  • FortiProxy 1.1, all versions 

Mitigations and Workarounds

Devices should be upgraded to a version that fixes CVE-2023-25610:

  • FortiOS version 7.4.0 or above 
  • FortiOS version 7.2.4 or above 
  • FortiOS version 7.0.10 or above 
  • FortiOS version 6.4.12 or above 
  • FortiOS version 6.2.13 or above 
  • FortiProxy version 7.2.3 or above 
  • FortiProxy version 7.0.9 or above 
  • FortiProxy version 2.0.12 or above 
  • FortiOS-6K7K version 7.0.10 or above 
  • FortiOS-6K7K version 6.4.12 or above 
  • FortiOS-6K7K version 6.2.13 or above 

Best Practices

  1. Run regular vulnerability scanning, such as that available with Netsurion Vulnerability Management, and maintain an automated patch/update management process for operating systems, applications, and firmware.
  2. Disable the HTTP/HTTPS administrative interface, or limit the IP addresses that can reach it (see https://www.fortiguard.com/psirt/FG-IR-23-001).
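The following FortiOS CLI fragment is an added example of the second best practice; it is not taken from the advisory or from Fortinet's workaround text. The subnet 192.0.2.0/24, the interface names port1 and wan1, and the address object name MGMT_NET are placeholders for your own environment, and the commands should be checked against the CLI reference for your release.

```fortios
# Added example: restrict the administrative GUI to a management subnet
# and drop HTTP/HTTPS on the internet-facing interface.
# 192.0.2.0/24, port1, wan1 and MGMT_NET are placeholders.

# 1. Define the trusted management network.
config firewall address
    edit "MGMT_NET"
        set subnet 192.0.2.0 255.255.255.0
    next
end

# 2. Local-in policy: accept GUI traffic only from MGMT_NET on the
#    management interface, then deny HTTP/HTTPS to the device from
#    everywhere else. Order matters: the accept rule comes first.
config firewall local-in-policy
    edit 1
        set intf "port1"
        set srcaddr "MGMT_NET"
        set dstaddr "all"
        set service "HTTP" "HTTPS"
        set schedule "always"
        set action accept
        set status enable
    next
    edit 2
        set intf "any"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTP" "HTTPS"
        set schedule "always"
        set action deny
        set status enable
    next
end

# 3. Stronger option: remove HTTP/HTTPS from the WAN interface entirely
#    so the GUI is never reachable from the internet.
config system interface
    edit "wan1"
        set allowaccess ping
    next
end

# 4. Defence in depth: per-admin trusted hosts, so logins for this
#    account are only accepted from the management network.
config system admin
    edit "admin"
        set trusthost1 192.0.2.0 255.255.255.0
    next
end
```

After applying the change, confirm from a non-management address that the GUI port no longer answers, and from the management subnet that it still does, before relying on it as a stopgap until the device is patched.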

Netsurion Detection and Response

Netsurion’s Vulnerability Management signature database has been updated to detect CVE-2023-25610. Our Security Operations Center (SOC) will detect and report CVE-2023-25610 vulnerability to our customers and partners who subscribe to Netsurion Vulnerability Management.

Contact your Netsurion Account Manager with any questions.