A Critical Code Execution Flaw Found in FortiOS and FortiProxy Administrative Interfaces

9 March 2023 [NO.TCSA : 20230309-1-1-P]

PUBLISHED:
9 March 2023


A critical vulnerability with a CVSSv3 score of 9.3 (critical) has been discovered in the FortiOS and FortiProxy administrative interfaces that could allow an attacker to execute arbitrary code or cause a denial of service (DoS). The vulnerability, identified as CVE-2023-25610, is caused by a heap buffer underflow that occurs when processing user-supplied data.

TechCERT has observed a concerning trend among many organizations that keep their Fortinet administration portals open to the internet, in violation of recommended security best practices. Although there have been no reports of active exploitation of this vulnerability at this time, the risk of future exploitation is significantly increased when administrative portals are reachable from the internet.

Affected Versions

The following versions of FortiOS and FortiProxy are affected by this vulnerability:

  • FortiOS version 7.2.0 through 7.2.3
  • FortiOS version 7.0.0 through 7.0.9
  • FortiOS version 6.4.0 through 6.4.11
  • FortiOS version 6.2.0 through 6.2.12
  • FortiOS 6.0 all versions
  • FortiProxy version 7.2.0 through 7.2.2
  • FortiProxy version 7.0.0 through 7.0.8
  • FortiProxy version 2.0.0 through 2.0.11
  • FortiProxy 1.2 all versions
  • FortiProxy 1.1 all versions

Mitigation

Fortinet has released patches to address this vulnerability:

  • Upgrade to FortiOS version 7.4.0 or above
  • Upgrade to FortiOS version 7.2.4 or above
  • Upgrade to FortiOS version 7.0.10 or above
  • Upgrade to FortiOS version 6.4.12 or above
  • Upgrade to FortiOS version 6.2.13 or above
  • Upgrade to FortiProxy version 7.2.3 or above
  • Upgrade to FortiProxy version 7.0.9 or above
  • Upgrade to FortiProxy version 2.0.12 or above
  • Upgrade to FortiOS-6K7K version 7.0.10 or above
  • Upgrade to FortiOS-6K7K version 6.4.12 or above
  • Upgrade to FortiOS-6K7K version 6.2.13 or above

Users are advised to test and update to the latest patched versions as soon as possible.
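To turn the two version lists above into a repeatable inventory check, the following Python helper (an added example, not code from TechCERT or Fortinet) maps a product and version string onto the affected and fixed ranges listed for CVE-2023-25610. It covers only the FortiOS and FortiProxy branches named in the affected-versions list; the hostnames and version strings in the sample inventory are constructed.

```python
# Added example, not from the TechCERT bulletin or Fortinet: an inventory
# check that maps (product, version) onto the affected/fixed ranges listed
# above for CVE-2023-25610. Hostnames and versions below are constructed.
from typing import Optional, Tuple

# (product, branch) -> (last affected patch level, first fixed version).
# last level None = every version on the branch is affected;
# fixed None = no fix on that branch, migrate to a supported one.
AFFECTED = {
    ("FortiOS", (7, 2)): (3, "7.2.4"),
    ("FortiOS", (7, 0)): (9, "7.0.10"),
    ("FortiOS", (6, 4)): (11, "6.4.12"),
    ("FortiOS", (6, 2)): (12, "6.2.13"),
    ("FortiOS", (6, 0)): (None, None),
    ("FortiProxy", (7, 2)): (2, "7.2.3"),
    ("FortiProxy", (7, 0)): (8, "7.0.9"),
    ("FortiProxy", (2, 0)): (11, "2.0.12"),
    ("FortiProxy", (1, 2)): (None, None),
    ("FortiProxy", (1, 1)): (None, None),
}

def parse_version(text: str) -> Tuple[int, int, int]:
    """Accepts '7.0.9' or a longer 'v7.0.9,build0444,221208 (GA)' form."""
    core = text.strip().lstrip("v").split(",")[0]
    parts = [int(p) for p in core.split(".")]
    if len(parts) < 3:
        raise ValueError(f"need major.minor.patch, got {text!r}")
    return parts[0], parts[1], parts[2]

def assess(product: str, version: str) -> Tuple[bool, Optional[str]]:
    """Return (affected?, first fixed version on the same branch or None)."""
    major, minor, patch = parse_version(version)
    entry = AFFECTED.get((product, (major, minor)))
    if entry is None:          # branch not in the bulletin, e.g. FortiOS 7.4
        return False, None
    last_bad, fix = entry
    return (last_bad is None or patch <= last_bad), fix

SAMPLE_INVENTORY = [  # constructed asset list
    ("fw-edge-01", "FortiOS", "v7.0.9,build0444,221208 (GA)"),
    ("fw-edge-02", "FortiOS", "7.2.4"),
    ("proxy-dc-01", "FortiProxy", "2.0.11"),
    ("fw-legacy-01", "FortiOS", "6.0.15"),
]

def vulnerable_hosts(inventory):
    """(host, fixed_in) for every entry still affected; fixed_in None = migrate."""
    return [(h, assess(p, v)[1]) for h, p, v in inventory if assess(p, v)[0]]
```

A host whose branch has no fixed version (FortiOS 6.0, FortiProxy 1.1 and 1.2) is reported with `None`, meaning the only remediation is moving to a branch that has a patch.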
