On March 7, 2023, Fortinet published an advisory (FG-IR-23-001) for CVE-2023-25610, a critical remote code execution (RCE) vulnerability in its FortiOS operating system and in FortiProxy. The flaw is a buffer underwrite in the administrative interface: a remote, unauthenticated attacker may be able to execute arbitrary code on the device, or crash its GUI, by sending specially crafted requests.
Here’s everything you need to know:
What is CVE-2023-25610?
The administrative interface of FortiOS and FortiProxy contains a buffer underwrite (also called a "buffer underflow", CWE-124). Unlike a buffer overflow, where data runs past the end of a buffer, an underwrite occurs when a program writes to a location before the start of a buffer, typically because an attacker-controlled length or offset is used to compute a negative index. The data lands in whatever memory precedes the buffer and can corrupt neighbouring data or control structures.
By sending specially crafted requests to the administrative interface, an unauthenticated remote attacker may be able to execute arbitrary code on the device or crash the GUI, causing a denial of service (DoS).
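To make the distinction concrete, the C program below is an added illustration of a buffer underwrite next to its hardened form. It is not FortiOS code and not a reproduction of CVE-2023-25610 (Fortinet has not published the affected code); the message format, the right-aligned store, the guard region and all names are assumptions made for this demo.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of a buffer underwrite (CWE-124); not FortiOS code.
 * Hypothetical format: msg[0] = N, followed by N payload bytes that the
 * parser stores right-aligned at the END of a fixed-size buffer. */

#define GUARD_LEN  16                    /* bytes that sit just before the buffer */
#define BUF_LEN    32                    /* the buffer the parser may use          */
#define MEM_LEN    (GUARD_LEN + BUF_LEN) /* guard + buffer live in one array so an */
#define GUARD_BYTE 0xAA                  /* out-of-bounds write is observable      */

static void init_memory(unsigned char *mem)
{
    memset(mem, GUARD_BYTE, GUARD_LEN);  /* "adjacent memory" preceding the buffer */
    memset(mem + GUARD_LEN, 0, BUF_LEN); /* the target buffer itself               */
}

static bool guard_intact(const unsigned char *mem)
{
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (mem[i] != GUARD_BYTE)
            return false;
    return true;
}

/* Vulnerable: validates the SOURCE length but never checks that N fits the
 * DESTINATION. When N > BUF_LEN, `start` goes negative and memcpy begins
 * before buf, clobbering the memory in front of it: an underwrite. */
static bool vulnerable_store(unsigned char *mem, const unsigned char *msg, size_t msg_len)
{
    if (msg_len < 1) return false;
    size_t n = msg[0];
    if (msg_len < 1 + n) return false;   /* source bounds are fine              */
    unsigned char *buf = mem + GUARD_LEN;
    int start = BUF_LEN - (int)n;        /* negative whenever n > BUF_LEN       */
    memcpy(buf + start, msg + 1, n);     /* writes BEFORE buf when start < 0    */
    return true;
}

/* Hardened: the one missing check, reject any N that does not fit the buffer. */
static bool hardened_store(unsigned char *mem, const unsigned char *msg, size_t msg_len)
{
    if (msg_len < 1) return false;
    size_t n = msg[0];
    if (msg_len < 1 + n) return false;
    if (n > BUF_LEN) return false;       /* destination bounds: the missing check */
    unsigned char *buf = mem + GUARD_LEN;
    size_t start = BUF_LEN - n;          /* now provably within [0, BUF_LEN]      */
    memcpy(buf + start, msg + 1, n);
    return true;
}

/* Run one constructed message of payload length n through the chosen parser.
 * Returns whether the memory before the buffer survived; *accepted reports
 * whether the parser took the message. Callers keep n <= MEM_LEN so that the
 * demo's own array contains the out-of-bounds write (a real program would
 * corrupt whatever happens to be there). */
bool process_and_check(bool use_hardened, unsigned char n, bool *accepted)
{
    unsigned char mem[MEM_LEN];
    unsigned char msg[1 + MEM_LEN];
    init_memory(mem);
    msg[0] = n;                          /* attacker-chosen length field        */
    memset(msg + 1, 'X', n);             /* constructed payload                  */
    *accepted = use_hardened ? hardened_store(mem, msg, 1 + n)
                             : vulnerable_store(mem, msg, 1 + n);
    return guard_intact(mem);
}

int main(void)
{
    bool acc, ok;
    ok = process_and_check(false, 4, &acc);   /* benign: 4 bytes fit the buffer */
    printf("benign    vulnerable: accepted=%d guard_ok=%d\n", acc, ok);
    ok = process_and_check(false, 40, &acc);  /* malicious: 40 > BUF_LEN, start = -8 */
    printf("malicious vulnerable: accepted=%d guard_ok=%d\n", acc, ok);
    ok = process_and_check(true, 40, &acc);
    printf("malicious hardened  : accepted=%d guard_ok=%d\n", acc, ok);
    return 0;
}
```

With the 40-byte message the vulnerable parser computes a start offset of -8 and happily overwrites the eight bytes in front of the buffer; the hardened parser refuses the message and the guard bytes are untouched. In a real daemon the "guard" would be a heap chunk header, a saved pointer or another object, which is what turns a DoS into a code execution primitive.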
Does it affect me?
Below are the products affected:
FortiOS versions 7.2.0 through 7.2.3
FortiOS versions 7.0.0 through 7.0.9
FortiOS versions 6.4.0 through 6.4.11
FortiOS versions 6.2.0 through 6.2.12
FortiOS 6.0 (all versions)
FortiProxy versions 7.2.0 through 7.2.2
FortiProxy versions 7.0.0 through 7.0.8
FortiProxy versions 2.0.0 through 2.0.11
FortiProxy 1.2 (all versions)
FortiProxy 1.1 (all versions)
According to Fortinet, the vulnerable code is also present on a number of other FortiGate models, but on those models an attacker could only achieve a denial of service (DoS) of the GUI, not remote code execution (RCE). The complete list of affected and DoS-only models is in Fortinet's advisory, FG-IR-23-001.
Has CVE-2023-25610 been actively exploited in the wild?
At the time of its advisory Fortinet stated that it was not aware of any in-the-wild exploitation. A proof of concept published on March 11 raises the likelihood of exploitation, so the vulnerability should be patched as soon as possible and access to the administrative interface restricted in the meantime.
This is the latest in a string of critical Fortinet vulnerabilities within only a few months. Preceding ones include CVE-2022-42475, a heap overflow in the FortiOS SSL-VPN that was already being exploited in the wild when Fortinet disclosed it in December 2022, as well as CVE-2022-39952 (FortiNAC) and CVE-2021-42756 (FortiWeb).
Fixing CVE-2023-25610
To resolve this issue, it is recommended to upgrade vulnerable products to the patched versions listed below:
FortiOS version 7.4.0 or above
FortiOS version 7.2.4 or above
FortiOS version 7.0.10 or above
FortiOS version 6.4.12 or above
FortiOS version 6.2.13 or above
FortiProxy version 7.2.3 or above
FortiProxy version 7.0.9 or above
FortiProxy version 2.0.12 or above
FortiOS-6K7K version 7.0.10 or above
FortiOS-6K7K version 6.4.12 or above
FortiOS-6K7K version 6.2.13 or above
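Fortinet's advisory also gives a workaround for devices that cannot be upgraded right away: disable the HTTP/HTTPS administrative interface, or restrict which source addresses can reach it with a local-in policy. The configuration below is an added example of the second option in FortiOS CLI syntax; it is not taken from the page or from the advisory verbatim. The 192.0.2.0/24 range, the interface name port1 and the object names are placeholders to replace with your own management network and the interface the GUI is exposed on.

```text
config firewall address
    edit "mgmt-allowed"
        set subnet 192.0.2.0 255.255.255.0
    next
end
config firewall addrgrp
    edit "MGMT_IPs"
        set member "mgmt-allowed"
    next
end
config firewall local-in-policy
    edit 1
        set intf "port1"
        set srcaddr "MGMT_IPs"
        set dstaddr "all"
        set action accept
        set service "HTTPS" "HTTP"
        set schedule "always"
        set status enable
    next
    edit 2
        set intf "any"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "HTTPS" "HTTP"
        set schedule "always"
        set status enable
    next
end
```

Policy 1 admits GUI traffic from the management range on the chosen interface and policy 2 denies it from everywhere else; order matters, because local-in policies are evaluated top down. If the GUI listens on non-default ports, create a custom service object for those ports and use it in place of HTTP/HTTPS. Apply the change from a session inside the allowed range and confirm from both an allowed and a disallowed address before relying on it. This reduces exposure but does not remove the vulnerable code; upgrading remains the fix.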
Next steps
Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors:
- VulnRX – vulnerability fix database
- MITRE ATT&CK framework – Mapping techniques to CVEs
- Exploit maturity: an introduction
- How to properly tackle zero-day threats
- OWASP Top 10 vulnerabilities 2022: what we learned
And finally…
Don’t get found out by new vulnerabilities. Vulcan Cyber gives you full visibility and oversight of your threat environment and lets you prioritize, remediate and communicate your cyber risk across your entire organization. Get a demo today.