Fortinet has identified and fixed 15 security flaws, one of which is a critical vulnerability in FortiOS and FortiProxy.
CVE-2023-25610 Technical Overview
The vulnerability, tracked as CVE-2023-25610, has a severity rating of 9.3 out of 10 on the CVSS scale and was reported by the company's own security teams. If exploited, this buffer underwrite flaw would allow remote unauthenticated attackers to execute arbitrary code on exposed devices, or to conduct a denial-of-service attack against the GUI, using specially crafted requests.
A buffer underwrite occurs when the input data is shorter than the allocated space, which can lead to unpredictable behavior or leaked sensitive data, according to the official advisory. Fortinet is currently not aware of any cases in which this vulnerability has been exploited maliciously. The company added that it constantly reviews and examines the security of its products, and that this particular vulnerability was identified internally through that process.
What Fortinet Products Have Been Affected by CVE-2023-25610?
The CVE-2023-25610 vulnerability has affected the following FortiOS and FortiProxy versions:
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.11
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
Even when running a vulnerable FortiOS version, a number of hardware devices listed in the advisory are affected only by the DoS part of the issue, not by the arbitrary code execution. Devices not on that list are vulnerable to both, Fortinet said.
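To make the affected-version list above actionable against an asset inventory, here is an added example (not code from the advisory or from Fortinet) that checks whether a given FortiOS or FortiProxy build falls inside one of the ranges listed in this article; the version ranges are copied from the list above, while the product-name matching and the sample inventory rows are assumptions.

```python
from typing import Optional, Tuple

# (product, first affected, last affected); an upper bound of None means
# "all versions" of that branch, as the advisory says for FortiOS 6.0 and
# FortiProxy 1.1 / 1.2. Ranges are copied from the list in the article.
AFFECTED = [
    ("FortiOS", (7, 2, 0), (7, 2, 3)),
    ("FortiOS", (7, 0, 0), (7, 0, 9)),
    ("FortiOS", (6, 4, 0), (6, 4, 11)),
    ("FortiOS", (6, 2, 0), (6, 2, 12)),
    ("FortiOS", (6, 0), None),
    ("FortiProxy", (7, 2, 0), (7, 2, 2)),
    ("FortiProxy", (7, 0, 0), (7, 0, 8)),
    ("FortiProxy", (2, 0, 0), (2, 0, 11)),
    ("FortiProxy", (1, 2), None),
    ("FortiProxy", (1, 1), None),
]

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.0.9' or 'v7.0.9' into (7, 0, 9); reject junk from inventory exports."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def affected_branch(product: str, version: str) -> Optional[str]:
    """Return the matching affected range as text, or None when the build is
    outside every listed range (for example a patched 7.0.10 or 7.2.4)."""
    v = parse_version(version)
    def dotted(t):
        return ".".join(map(str, t))
    for prod, low, high in AFFECTED:
        if prod.lower() != product.lower():
            continue
        if high is None:
            # "all versions" of a branch: compare the branch prefix only
            if v[: len(low)] == low:
                return f"{prod} {dotted(low)} all versions"
        elif low <= v <= high:
            return f"{prod} {dotted(low)} through {dotted(high)}"
    return None

if __name__ == "__main__":
    # Constructed sample inventory rows, not real hosts
    for product, version in [("FortiOS", "7.0.9"), ("FortiOS", "7.0.10"),
                             ("FortiProxy", "1.2.13"), ("FortiOS", "6.0.15")]:
        print(product, version, "->", affected_branch(product, version) or "not affected")
```

A two-component input such as "7.2" sorts below (7, 2, 0) under tuple ordering and so will not match a bounded range; normalise inventory data to three components before relying on the result.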
The advisory also describes a possible workaround. CVE-2023-25610 was internally discovered and reported by Kai Ni from the Burnaby InfoSec team.
CVE-2022-39947 is another example of a severe Fortinet vulnerability; it was discovered in January 2023 in the FortiADC product, an advanced application and database delivery controller from Fortinet. The vulnerability was described as a command injection issue in the product's web interface, rated 8.6 out of 10 on the CVSS scale.