Fortinet has released fixes to address 15 security holesincluding one critical vulnerability affecting FortiOS and FortiProxy, which could allow attackers to take control of affected systems.
Before starting, what exactly are FortiProxy and FortiOS?
FortiProxy and FortiOS are both network security software solutions developed by Fortinet. The former is just a security proxy that provides advanced protection against web threats and web traffic management, while the latter is basically an integrated security operating system for Fortinet network devices, such as firewalls.
Both are designed to protect organizations from a wide range of cyber threats, including DDoS attacks, application vulnerabilities, malware, ransomware and data security breaches.
Here’s what problems Fortinet fixed
The issue, identified as CVE-2023-25610, is rated 9.3 out of 10 for severity and was discovered and reported internally by its security teams.
“A write-to-buffer vulnerability (‘buffer underflow’) in the FortiOS and FortiProxy administrative interface could allow an unauthenticated remote attacker to execute malicious code on the device and/or perform a DoS attack on the GUI, via specially designed requests“, has declared Fortinet in an information note.
The bugs of underflowalso called buffer underrunsoccur when the input data is shorter than the reserved space, causing unpredictable behavior or sensitive data leaks from memory.
Other possible consequences include memory corruption which could be used to induce a crash or execute malicious code.
Fortinet said it is not aware of any attempts to exploit the flaw maliciously. But given that previous software flaws have been actively abused, it is essential that users move quickly to apply the fixes.
The following versions of FortiOS and FortiProxy are affected by the vulnerability:
- FortiOS version 7.2.0-7.2.3
- FortiOS version 7.0.0-7.0.9
- FortiOS version 6.4.0-6.4.11
- FortiOS version 6.2.0-6.2.12
- FortiOS 6.0 all versions
- FortiProxy version 7.2.0-7.2.2
- FortiProxy version 7.0.0-7.0.8
- FortiProxy version 2.0.0-2.0.11
- FortiProxy 1.2 all versions
- FortiProxy 1.1 all versions
The fixes are available in FortiOS versions 6.2.13, 6.4.12, 7.0.10, 7.2.4 and 7.4.0; FortiOS-6K7K versions 6.2.13, 6.4.12 and 7.0.10; and FortiProxy versions 2.0.12, 7.0.9 and 7.0.9.
As a workaround, Fortinet is advising users to disable the HTTP/HTTPS administrative interface or limit the IP addresses that can reach it.
The disclosure of the fixes (which it turns out was well over 15!) comes weeks after the network security company issued fixes for 40 vulnerabilitiestwo of which are rated critical and impact FortiNAC (CVE-2022-39952) and FortiWeb (CVE-2021-42756) products.
What can be said, in summary?
Fortinet provided important information on the discovery and correction of a critical vulnerability in FortiOS and FortiProxy, two network security solutions developed by Fortinet. The vulnerability could allow a remote attacker to execute arbitrary code on affected devices or perform a DoS attack on the GUI. The vulnerability was internally discovered and reported by the Fortinet security team and fixes have been released to address the issue.
The vulnerability disclosure emphasizes the importance of regularly performing security updates and closely monitoring network security systems. Furthermore, the need for organizations to take cyber threats seriously and adopt a multi-layered security strategy that includes the use of security solutions such as FortiOS and FortiProxy.
In general, the importance of a proactive approach to information security and the need to keep network security systems constantly updated to protect organizations from possible cyber attacks was highlighted.
#Fortinet #fixes #vulnerabilities #FortiProxy #FortiOS