Fortinet Patches Critical RCE Vulnerability in FortiOS
Share this:
Fortinet has released patches to address two security vulnerabilities in Fortinet’s FortiOS and FortiProxy software.
The first vulnerability identified as CVE-2023-28001 in Fortinet’s FortiOS. This flaw, classified as ‘Insufficient Session Expiration [CWE-613]’, allows a deleted user’s session to persist if the attacker manages to secure the API token. This vulnerability affects FortiOS versions 7.2.0 through 7.2.4 and all 7.0 versions. Upgrade to FortiOS version 7.4.0 or above. Like securing your fortress with a new and improved lock, this simple action ensures that no unwelcome guests remain within your digital walls.
The second vulnerability, CVE-2023-33308, is a more serious concern. A stack-based overflow vulnerability [CWE-124] in Fortinet’s FortiOS and FortiProxy might allow a remote attacker to execute arbitrary code or commands via carefully crafted packets. This is like an enemy launching an arrow with a flaming message, reaching the heart of your fortress, and causing damage and chaos from within.
This vulnerability affects FortiOS versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, and FortiProxy versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.9.
A temporary solution is to disable deep inspection on proxy policies or firewall policies with proxy mode, essentially, raising your drawbridge and reinforcing your walls. But a more robust and permanent solution lies in upgrading your software to the recommended versions: FortiOS version 7.4.0, 7.2.4, 7.0.11 or above, and FortiProxy version 7.2.3, 7.0.10 or above. This is akin to rebuilding and strengthening your fortress towers, ensuring they are impervious to future attacks.
