Overview

A critical vulnerability was found in Fortinet devices running FortiOS and FortiProxy. The vulnerability is tracked as CVE-2023-25610 and has a CVSS score of 9.3. The flaw is a buffer underflow vulnerability, which occurs when a program attempts to access more data from a memory buffer than is available. This results in access to adjacent memory locations, which leads to system crashes or risky behavior.

Fortinet’s security advisory states that a buffer underflow vulnerability in the FortiOS and FortiProxy administrative interface may allow remote attackers to execute arbitrary code on a device or perform a DoS on the GUI via specifically crafted requests. The following products are impacted:

  • FortiOS version 7.2.0 through 7.2.3 
  • FortiOS version 7.0.0 through 7.0.9 
  • FortiOS version 6.4.0 through 6.4.11 
  • FortiOS version 6.2.0 through 6.2.12 
  • FortiOS 6.0 all versions 
  • FortiProxy version 7.2.0 through 7.2.2 
  • FortiProxy version 7.0.0 through 7.0.8 
  • FortiProxy version 2.0.0 through 2.0.11 
  • FortiProxy 1.2 all versions 
  • FortiProxy 1.1 all versions 

When running a vulnerable FortiOS version, the 50 hardware devices mentioned in Fortinet’s advisory are solely affected by the DoS aspect of the problem, and not by the execution of arbitrary code. Although Fortinet has workarounds for CVE-2023-25610, it is highly recommended that organizations apply the appropriate patch as soon as possible.  

 

 

Avertium's Recommendations

If your organization is impacted by CVE-2023-25610, Avertium recommends that you upgrade to the following:  
  • FortiOS version 7.4.0 or above
  • FortiOS version 7.2.4 or above
  • FortiOS version 7.0.10 or above
  • FortiOS version 6.4.12 or above
  • FortiOS version 6.2.13 or above
  • FortiProxy version 7.2.3 or above
  • FortiProxy version 7.0.9 or above
  • FortiProxy version 2.0.12 or above
  • FortiOS-6K7K version 7.0.10 or above
  • FortiOS-6K7K version 6.4.12 or above
  • FortiOS-6K7K version 6.2.13 or above 

Fortinet has workarounds for CVE-2023-25610, which can be found in its advisory.
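
The following is an added example, not code from Avertium or Fortinet: a small inventory triage that checks device versions against the affected ranges and fixed releases listed above. The host names and version strings in the sample inventory are constructed, and patch levels are compared as integers because a plain string comparison would rank 7.0.10 below 7.0.9.

```python
import re

# (product, major, minor) -> highest affected patch level, taken from the
# affected-products list in this notice. None means "all versions".
AFFECTED = {
    ("FortiOS", 7, 2): 3,
    ("FortiOS", 7, 0): 9,
    ("FortiOS", 6, 4): 11,
    ("FortiOS", 6, 2): 12,
    ("FortiOS", 6, 0): None,
    ("FortiProxy", 7, 2): 2,
    ("FortiProxy", 7, 0): 8,
    ("FortiProxy", 2, 0): 11,
    ("FortiProxy", 1, 2): None,
    ("FortiProxy", 1, 1): None,
}

def parse_version(text):
    """Return (major, minor, patch) as ints from a string such as 'v7.0.10'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(product, version_text):
    """Classify one device as 'affected', 'fixed' or 'not-listed'."""
    major, minor, patch = parse_version(version_text)
    key = (product, major, minor)
    if key not in AFFECTED:
        return ("not-listed", None)   # release train is not in the affected list
    max_bad = AFFECTED[key]
    if max_bad is None:               # every version of this train is affected
        return ("affected", "move to a fixed release train")
    if patch <= max_bad:
        return ("affected", f"{major}.{minor}.{max_bad + 1} or above")
    return ("fixed", None)

def triage_inventory(rows):
    """rows: iterable of (host, product, version string)."""
    return {host: triage(product, version) for host, product, version in rows}

# Constructed sample inventory; replace with an export from your asset system.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.0.9"),
    ("fw-edge-02", "FortiOS", "v7.0.10"),
    ("fw-lab-01", "FortiOS", "6.0.16"),
    ("proxy-01", "FortiProxy", "2.0.11"),
]

if __name__ == "__main__":
    for host, (status, target) in triage_inventory(INVENTORY).items():
        print(host, status, target or "")
```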

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-25610. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium Is Protecting Our Customers

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills.
  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
  • Avertium offers VMaaS to provide a deeper understanding of and control over organizational information security risks. If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap.

 

 

 

SUPPORTING DOCUMENTATION

PSIRT Advisories | FortiGuard 

Fortinet plugs critical RCE hole in FortiOS, FortiProxy (CVE-2023-25610) - Help Net Security 

Fortinet warns of new critical unauthenticated RCE vulnerability (bleepingcomputer.com) 
