Fortinet Warns about Critical Vulnerability in FortiOS and FortiProxy Could

Fortinet has patched 15 security flaws, including critical vulnerabilities affecting FortiOS and FortiProxy that could allow an attacker to take control of affected devices. The most severe, tracked as CVE-2023-25610, was discovered and reported internally by Fortinet's own security team and is rated 9.3 out of 10 for severity.

"A buffer underwrite ('buffer underflow') vulnerability in FortiOS and FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests," reads the Fortinet advisory.

A buffer underwrite (CWE-124) occurs when code writes to memory before the start of a buffer, typically through a negative or miscalculated index or pointer rather than one that runs past the end. Because the write lands in memory the program never intended to touch, the result is memory corruption: at minimum an unpredictable crash, which is the DoS outcome the advisory describes, and, if the attacker can influence what is written and where, execution of attacker-supplied code. Since the flaw sits in the administrative web interface and requires no authentication, any device whose HTTP/HTTPS management interface is reachable by an attacker is exposed.

According to Fortinet, it is not aware of any exploitation of this bug so far. Users should nonetheless deploy the updates quickly, because previous FortiOS and FortiProxy vulnerabilities have been exploited in the wild. The vulnerability impacts the following versions of FortiOS and FortiProxy:

  • FortiOS v.7.2.0 – v.7.2.3
  • FortiOS v.7.0.0 – v.7.0.9
  • FortiOS v.6.4.0 – v.6.4.11
  • FortiOS v.6.2.0 – v.6.2.12
  • FortiOS 6.0, all versions
  • FortiProxy v.7.2.0 – v.7.2.2
  • FortiProxy v.7.0.0 – v.7.0.8
  • FortiProxy v.2.0.0 – v.2.0.11
  • FortiProxy 1.1 and 1.2, all versions

Analyst Notes

Security patches are available in the following versions:

  • FortiOS v.6.2.13, v.6.4.12, v.7.0.10, v.7.2.4, v.7.4.0
  • FortiOS-6K7K v.6.2.13, v.6.4.12, v.7.0.10
  • FortiProxy v.2.0.12, v.7.0.9, v.7.2.3

As a workaround until the patch can be applied, Fortinet advises customers either to disable the HTTP/HTTPS administrative interface or to restrict the IP addresses that can reach it with a local-in policy. Organizations should lock down administrative interfaces this way regardless of where they are in their vulnerability management cycle and patch deployment: an internet-reachable management interface is the precondition for an unauthenticated attack like this one, and limiting it to a management network reduces exposure to the next advisory as well. Note that these workarounds reduce exposure but do not remove the vulnerable code; the permanent fix is upgrading to a patched release.
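The following FortiOS CLI configuration is an added example of the workarounds described above; it is not taken from the page or from Fortinet's advisory. The interface name (wan1), the management subnet (10.0.0.0/24) and the object names are assumptions and must be replaced with the values in use. It creates an address object for the permitted management hosts, then a pair of local-in policies on the internet-facing interface: the first accepts HTTP/HTTPS to the device from those hosts, the second denies HTTP/HTTPS from everyone else. It closes with the alternative of removing HTTP/HTTPS from the interface's administrative access list altogether.

```fortios
# Added example (not from the page or the vendor advisory).
# Assumptions: wan1 is the internet-facing interface and 10.0.0.0/24 is the
# management network. Replace both before use.

# 1. Address object for the hosts allowed to manage the device.
config firewall address
    edit "mgmt-allowed"
        set subnet 10.0.0.0 255.255.255.0
    next
end

# 2. Local-in policies govern traffic addressed to the FortiGate itself.
#    Policy 1 admits HTTP/HTTPS from the management subnet on wan1;
#    policy 2 drops HTTP/HTTPS from every other source on that interface.
#    Policies are matched top-down, so the accept rule must come first.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "mgmt-allowed"
        set dstaddr "all"
        set service "HTTPS" "HTTP"
        set schedule "always"
        set action accept
        set status enable
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "HTTP"
        set schedule "always"
        set action deny
        set status enable
    next
end

# Alternative (the first workaround): remove http and https from the
# interface's administrative access list entirely, keeping only what is
# needed (here ping and ssh). Repeat for every interface that lists http
# or https.
config system interface
    edit "wan1"
        set allowaccess ping ssh
    next
end
```

Before applying either change, list which interfaces currently expose the GUI with `show system interface | grep allowaccess`; any interface facing an untrusted network that shows http or https needs one of the two treatments. If the administrative GUI has been moved to a non-default port (admin-port or admin-sport under config system global), the local-in policies must reference a custom service object for that port instead of the built-in HTTP and HTTPS services, or the deny rule will not match the traffic it is meant to block.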