Get a demo
Voyager18 (research)

How to fix CVE-2023-25610 in FortiOS

CVE-2023-25610 affects a suite of FortiOS and FortiProxy products. Here's everything you need to know, including how to fix it.

Orani Amroussi | March 21, 2023

Fortinet issued an advisory on March 7th regarding CVE-2023-25610, a severe remote code execution (RCE) vulnerability found in its operating system, FortiOS. The flaw, which stems from a buffer underwrite bug in the administrative interface, may enable a malicious remote unauthenticated attacker to execute code through carefully crafted requests.

Here’s everything you need to know:

What is CVE-2023-25610?

The administrative interface of FortiOS and FortiProxy has a vulnerability that can be exploited via a buffer underwrite (also known as “buffer underflow”) attack. When a program writes data to a buffer (a temporary storage area) that is smaller than the data being written, it risks overwriting adjacent memory locations.

By sending specially crafted requests to the device, an unauthorized attacker may be able to remotely execute arbitrary code on the device or launch a denial-of-service (DoS) attack on the GUI.

Does it affect me?

Below are the products affected: 

FortiOS versions 7.2.0 through 7.2.3 

FortiOS versions 7.0.0 through 7.0.9 

FortiOS versions 6.4.0 through 6.4.11 

FortiOS versions 6.2.0 through 6.2.12 

FortiOS 6.0 (all versions) 

FortiProxy versions 7.2.0 through 7.2.2 

FortiProxy versions 7.0.0 through 7.0.8 

FortiProxy versions 2.0.0 through 2.0.11 

FortiProxy 1.2 (all versions) 

FortiProxy 1.1 (all versions) 

According to Fortinet, this vulnerability may also affect other products, but an attacker could only achieve denial-of-service (DoS) and not remote code execution (RCE). The complete list of affected products can be found here.     

Has CVE-2023-25610 actively exploited in the wild?

The March 11 publication of a proof of concept could increase the likelihood of this vulnerability being exploited in the wild. It is recommended that precautions be taken and the vulnerability be patched as soon as possible. 

FortiOS has encountered yet another critical vulnerability in the space of only a few months. Preceding ones include CVE-2022-42475, which was promptly exploited in the wild after its announcement, CVE-2022-39952 and CVE-2021-42756.

Fixing CVE-2023-25610

To resolve this issue, it is recommended to upgrade vulnerable products to the patched versions listed below: 

FortiOS version 7.4.0 or above 

FortiOS version 7.2.4 or above 

FortiOS version 7.0.10 or above 

FortiOS version 6.4.12 or above 

FortiOS version 6.2.13 or above 

FortiProxy version 7.2.3 or above 

FortiProxy version 7.0.9 or above 

FortiProxy version 2.0.12 or above 

FortiOS-6K7K version 7.0.10 or above 

FortiOS-6K7K version 6.4.12 or above

FortiOS-6K7K version 6.2.13 or above 

Next steps

Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors:

  1. VulnRX – vulnerability fix database
  2. MITRE ATTACK framework – Mapping techniques to CVEs 
  3. Exploit maturity: an introduction 
  4. How to properly tackle zero-day threats 
  5. OWASP Top 10 vulnerabilities 2022: what we learned

And finally…

Don’t get found out by new vulnerabilities. Vulcan Cyber gives you full visibility and oversight of your threat environment and lets you prioritize, remediate and communicate your cyber risk across your entire organization. Get a demo today.

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy