
FortiOS and FortiProxy Impacted By Stack-Based Buffer Overflow



Summary

FortiOS and FortiProxy are impacted by a stack-based buffer overflow vulnerability that may allow a remote attacker to execute arbitrary code or commands.


Threat details

Introduction

Fortinet have disclosed a critical stack-based buffer overflow vulnerability impacting FortiOS and FortiProxy. It may allow a remote attacker to execute arbitrary code or commands using specially crafted packets. The vulnerability affects proxy mode with SSL deep packet inspection and is tracked as CVE-2023-33308.


Remediation advice

Affected organisations are encouraged to review Fortinet's Security Advisory FG-IR-23-183 and apply the relevant updates.


Definitive source of threat updates


Last edited: 12 July 2023 2:43 pm