Fortinet recently addressed a critical Remote Code Execution (RCE) vulnerability affecting FortiOS and FortiProxy. The flaw, tracked as CVE-2023-33308 and rated 9.8 on the CVSSv3 scale, can be exploited by a remote attacker to execute arbitrary code or commands on vulnerable devices.
The vulnerability is a stack-based buffer overflow in FortiOS and FortiProxy. It is triggered by crafted packets that reach a proxy policy, or a firewall policy running in proxy mode, on which SSL/TLS deep packet inspection is enabled. In other words, the vulnerable code path is reached only by traffic that a proxy-based policy subjects to SSL/TLS deep inspection; this is why the severity, despite the narrow trigger conditions, is rated critical: no authentication is needed once such a policy is in the traffic path.
Affected Versions
The following FortiOS and FortiProxy versions are affected by CVE-2023-33308 (FortiProxy 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2; FortiOS 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3):
- FortiProxy: 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
- FortiOS: 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.10, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
Fixed Versions
Fortinet has released fixed builds for CVE-2023-33308. Upgrade to one of the following:
- FortiProxy: Version 7.2.3 or higher
- FortiProxy: Version 7.0.10 or higher
- FortiOS: Version 7.2.4 or higher
- FortiOS: Version 7.0.11 or higher
- FortiOS: Version 7.4.0 or higher
As a temporary workaround, disable HTTP/2 support on the SSL/TLS inspection profiles that are used by proxy policies or by firewall policies in proxy mode. Detailed instructions are in Fortinet's advisory FG-IR-23-183. Note that this is a mitigation rather than a fix: it removes the trigger condition for the profiles you change, but the vulnerable code remains on the device, so it should only bridge the gap until the upgrade.
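To make the affected-version list and the workaround above checkable on a real device, here is an added example written for this page (it is not Fortinet's tooling and not code from the advisory). It parses a FortiOS configuration backup, decides whether the firmware version falls in an affected range, and lists the SSL/SSH inspection profiles that still allow HTTP/2 while being referenced by a proxy-mode firewall policy or an explicit proxy policy, rendering the advisory's `set supported-alpn http1-1` workaround for each. The sample configuration is constructed; the script assumes the standard `#config-version=<model>-<version>-FW-build...` header layout, that `supported-alpn` defaults to `all` when the line is absent, that a firewall policy's `inspection-mode` defaults to `flow`, and that `http2` is one of the accepted values of `supported-alpn`.

```python
"""Audit a FortiOS / FortiProxy config backup for CVE-2023-33308 exposure."""
import re
import shlex

# Inclusive affected ranges, as listed in the advisory summary above.
AFFECTED = {
    "FortiOS":    [((7, 0, 0), (7, 0, 10)), ((7, 2, 0), (7, 2, 3))],
    "FortiProxy": [((7, 0, 0), (7, 0, 9)), ((7, 2, 0), (7, 2, 2))],
}

# Constructed sample backup, not a real device export. Assumes the usual
# '#config-version=<model>-<version>-FW-build...' header and that a profile
# with no explicit 'set supported-alpn' line is at its default of 'all'.
SAMPLE_CONFIG = """\
#config-version=FGT60F-7.0.8-FW-build0523-221123:opmode=0:vdom=0:user=admin
config firewall ssl-ssh-profile
    edit "deep-inspection"
        config https
            set ports 443
            set status deep-inspection
        end
    next
    edit "custom-deep-inspection"
        set supported-alpn http1-1
    next
end
config firewall policy
    edit 1
        set inspection-mode proxy
        set ssl-ssh-profile "deep-inspection"
    next
    edit 2
        set ssl-ssh-profile "deep-inspection"
    next
end
"""

def is_affected(product, version):
    """True if product ("FortiOS"/"FortiProxy") at "x.y.z" is in an affected range."""
    v = tuple(int(part) for part in version.split("."))
    return any(lo <= v <= hi for lo, hi in AFFECTED[product])

def extract_version(config_text):
    """Firmware version from the backup header line, or None if absent."""
    m = re.search(r"^#config-version=\S+?-(\d+\.\d+\.\d+)-FW", config_text, re.M)
    return m.group(1) if m else None

def parse_config(config_text):
    """Minimal FortiOS CLI parser: 'config'/'edit' open nested dicts,
    'next'/'end' close them, every 'set' stores its value tokens as a list."""
    root = {}
    stack = [root]
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        if tokens[0] == "config":
            stack.append(stack[-1].setdefault(" ".join(tokens[1:]), {}))
        elif tokens[0] == "edit":
            stack.append(stack[-1].setdefault(tokens[1], {}))
        elif tokens[0] in ("next", "end"):
            stack.pop()
        elif tokens[0] == "set":
            stack[-1][tokens[1]] = tokens[2:]
    return root

def audit(product, config_text):
    """Version finding plus the inspection profiles that still allow HTTP/2
    while attached to a proxy-mode firewall policy or an explicit proxy policy."""
    cfg = parse_config(config_text)
    version = extract_version(config_text)
    in_proxy_path = set()
    for policy in cfg.get("firewall proxy-policy", {}).values():  # always proxy-based
        in_proxy_path.update(policy.get("ssl-ssh-profile", []))
    for policy in cfg.get("firewall policy", {}).values():  # proxy only if set (assumed default: flow)
        if policy.get("inspection-mode", ["flow"])[0] == "proxy":
            in_proxy_path.update(policy.get("ssl-ssh-profile", []))
    # 'all' (assumed default) and 'http2' both leave HTTP/2 negotiable via ALPN.
    exposed = [
        name for name, prof in cfg.get("firewall ssl-ssh-profile", {}).items()
        if name in in_proxy_path and prof.get("supported-alpn", ["all"])[0] in ("all", "http2")
    ]
    # The advisory's workaround, rendered per exposed profile.
    workaround = [
        f'config firewall ssl-ssh-profile\n    edit "{name}"\n'
        f"        set supported-alpn http1-1\n    next\nend" for name in exposed
    ]
    return {"version": version,
            "version_affected": bool(version) and is_affected(product, version),
            "exposed_profiles": exposed,
            "workaround_cli": workaround}

if __name__ == "__main__":
    result = audit("FortiOS", SAMPLE_CONFIG)
    print(f"firmware {result['version']} affected: {result['version_affected']}")
    for name, cli in zip(result["exposed_profiles"], result["workaround_cli"]):
        print(f"profile {name!r} allows HTTP/2 on a proxy path; workaround:\n{cli}")
```

On the sample, the script reports firmware 7.0.8 as affected and flags only `deep-inspection`: it is referenced by the proxy-mode policy and has no ALPN restriction, whereas `custom-deep-inspection` is already limited to HTTP/1.1 and policy 2 is flow-based. A `show full-configuration` export prints default values explicitly, so the default-value assumptions above only matter for plain `show` output or a backup file.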
Administrators should upgrade to a fixed version without delay; where that is not immediately possible, apply the workaround until the upgrade can be scheduled.