Fortinet fixes critical FortiOS, FortiProxy RCE vulnerability

Fortinet has issued patches for a critical-severity stack-based overflow flaw in several FortiOS and FortiProxy versions that could be exploited to achieve arbitrary code execution, BleepingComputer reports. The vulnerability, tracked as CVE-2023-33308, affects FortiOS versions 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3, as well as FortiProxy versions 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2; FortiOS versions from the 6.0, 6.2, 6.4, 2.x, and 1.x releases are not affected, according to Fortinet.

Organizations running vulnerable instances have been urged to upgrade immediately to the latest FortiOS and FortiProxy versions; those that cannot adopt the new firmware were advised to disable HTTP/2 support in the SSL inspection profiles used by proxy policies.

Meanwhile, patch lag concerns have been noted for a separate FortiOS buffer overflow bug, tracked as CVE-2023-27997, after Bishop Fox found nearly 336,000 internet-exposed FortiGate firewalls vulnerable to the flaw a month after a fix was released.
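A defender's first step is to compare the firmware on each device against the affected ranges above. The following is an added example, not code from the article or from Fortinet: it encodes the CVE-2023-33308 ranges exactly as listed, compares versions numerically (string comparison would wrongly place 7.0.10 before 7.0.9), and flags inventory entries that need the patch or the HTTP/2 workaround. The version-string format and the inventory layout are assumptions.

```python
# Affected ranges for CVE-2023-33308 as stated in the article (inclusive on both
# ends). Branches not listed here (e.g. FortiOS 6.x) are reported as unaffected.
AFFECTED = {
    "FortiOS": [((7, 0, 0), (7, 0, 10)), ((7, 2, 0), (7, 2, 3))],
    "FortiProxy": [((7, 0, 0), (7, 0, 9)), ((7, 2, 0), (7, 2, 2))],
}


def parse_version(text):
    """Turn '7.0.10' or 'v7.0.10' into a tuple of ints so ranges compare numerically.
    The leading 'v' and the three-part form are assumptions about the input."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(product, version):
    """True if this product/version falls inside one of the advisory's ranges."""
    if product not in AFFECTED:
        raise ValueError(f"unknown product: {product!r}")
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED[product])


def triage(inventory):
    """Return hostnames of devices that need the upgrade, or the interim
    mitigation (disable HTTP/2 in proxy-policy SSL inspection profiles)."""
    return [host for host, product, version in inventory
            if is_affected(product, version)]


# Constructed sample inventory: (hostname, product, firmware version).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.10"),     # last affected 7.0.x build
    ("fw-edge-02", "FortiOS", "7.0.11"),     # first fixed 7.0.x build
    ("fw-dc-01", "FortiOS", "v7.2.3"),       # affected, 'v' prefix tolerated
    ("fw-branch-01", "FortiOS", "6.4.12"),   # 6.4 branch not affected
    ("proxy-01", "FortiProxy", "7.2.2"),     # affected
    ("proxy-02", "FortiProxy", "7.2.3"),     # fixed
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2023-33308, patch or disable HTTP/2 inspection")
```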
