Published: March 09, 2023
A critical vulnerability (CVE-2023-25610) in FortiOS and FortiProxy allows attackers to execute arbitrary code (Remote Code Execution) or perform Denial of Services on the targeted devices.
FortiOS is the operating system and software used in Fortinet devices.
The vulnerability is a buffer underflow vulnerability where the program tries to read more data from a memory than is available, leading to unwanted behaviour. An unauthenticated attacker can gain Remote Code Execution or perform a Denial of Service (DoS) attack using specially crafted requests on the GUI interface.
There is a list of Fortinet hardware specified in https://www.fortiguard.com/psirt/FG-IR-23-001, which are impacted only by DoS and not RCE irrespective of the FortiOS version running on it.
This vulnerability affects the following Fortinet products:
- FortiOS version 7.2.0 through 7.2.3
- FortiOS version 7.0.0 through 7.0.9
- FortiOS version 6.4.0 through 6.4.11
- FortiOS version 6.2.0 through 6.2.12
- FortiOS 6.0, all versions
- FortiProxy version 7.2.0 through 7.2.2
- FortiProxy version 7.0.0 through 7.0.8
- FortiProxy version 2.0.0 through 2.0.11
- FortiProxy 1.2, all versions
- FortiProxy 1.1, all versions
Mitigations and Workarounds
The devices should be upgraded with versions that fix the CVE-2023-25610 vulnerability are:
- FortiOS version 7.4.0 or above
- FortiOS version 7.2.4 or above
- FortiOS version 7.0.10 or above
- FortiOS version 6.4.12 or above
- FortiOS version 6.2.13 or above
- FortiProxy version 7.2.3 or above
- FortiProxy version 7.0.9 or above
- FortiProxy version 2.0.12 or above
- FortiOS-6K7K version 7.0.10 or above
- FortiOS-6K7K version 6.4.12 or above
- FortiOS-6K7K version 6.2.13 or above
- It is advisable to run vulnerability scanning like that available with Netsurion Vulnerability Management as well as perform an automated Operating System, Application, and Firmware patch/update management process.
- Disable HTTP/HTTPS administrative interface OR Limit IP addresses that can reach the administrative interface (Refer: https://www.fortiguard.com/psirt/FG-IR-23-001)
Netsurion Detection and Response
Netsurion’s Vulnerability Management signature database has been updated to detect CVE-2023-25610. Our Security Operations Center (SOC) will detect and report CVE-2023-25610 vulnerability to our customers and partners who subscribe to Netsurion Vulnerability Management.
Contact your Netsurion Account Manager with any questions.