Fortinet addressed a critical buffer underwrite (‘buffer underflow’) vulnerability, tracked as CVE-2023-25610 (CVSS v3 9.3), that resides in the administrative interface in FortiOS and FortiProxy. A remote, unauthenticated attacker can exploit the vulnerability to execute arbitrary code on the vulnerable device and trigger a DoS condition on the GUI, by sending specifically crafted requests.
The vulnerability affects the following products:
The security vendor released the following updates to address the issue:
The company announced that it is not aware of attacks in the wild exploiting this vulnerability.
The advisory includes a list of models for which the flaw’s exploitation can only trigger a DoS condition.
Fortinet also provides a workaround for the flaw: the company recommends disabling the HTTP/HTTPS administrative interface or limiting the IP addresses that can reach the administrative interface.
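As an added illustration of that workaround (not taken from the Fortinet advisory or this article), the following FortiOS CLI fragment removes HTTP/HTTPS from the management services allowed on a WAN-facing interface and restricts the built-in admin account to a trusted management subnet. The interface name "port1", the admin account name "admin" and the 192.0.2.0/24 subnet are placeholder assumptions; substitute the values used in your own deployment.

```fortios
# Assumed interface name: port1 (the internet-facing port).
# Drop http and https from allowaccess so the web admin GUI is no longer
# exposed there; ping and ssh are kept only as an example of what may remain.
config system interface
    edit "port1"
        set allowaccess ping ssh
    next
end

# Assumed admin account: admin. trusthost entries limit the source
# addresses from which this account may log in to the management interface;
# 192.0.2.0/24 is a placeholder management subnet.
config system admin
    edit "admin"
        set trusthost1 192.0.2.0 255.255.255.0
    next
end
```

Apply the allowaccess change to every interface reachable from untrusted networks, and set trusthost entries on every administrator account, not only the default one; an account without trusthost restrictions can still reach the GUI from any address on interfaces where HTTPS remains enabled.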
The security vendor acknowledged Kai Ni from the Burnaby InfoSec team for reporting the flaw.
(SecurityAffairs – hacking, FortiOS)