Get in Touch
Indiscriminate, opportunistic targeting.
Fortinet has disclosed a critical-level vulnerability affecting FortiOS and FortiProxy. The flaw, tracked as CVE-2023-33308 (CVSSv3 score: 9.8), allows for remote code execution (RCE) capabilities on target systems.
Successful exploitation of CVE-2023-33308 could allow a remote threat actor to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside Secure Sockets Layer (SSL) deep packet inspection.
Security patches for these vulnerabilities have been released by Fortinet. Previous product versions therefore remain vulnerable to potential exploitation.
- FortiOS version 7.2.0 through 7.2.3
- FortiOS version 7.0.0 through 7.0.10
- FortiProxy version 7.2.0 through 7.2.2
- FortiProxy version 7.0.0 through 7.0.9
Containment, Mitigations & Remediations
It is strongly recommended that users of the affected product versions apply the following security updates:
- FortiOS version 7.2.4 or above
- FortiOS version 7.0.11 or above
- FortiProxy version 7.2.3 or above
- FortiProxy version 7.0.10 or above
Indicators of Compromise
No specific Indicators of Compromise (IoC) are available currently.
Fortinet occupies a significant proportion of the networking-hardware market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to develop exploits for, Fortinet networking hardware products have emerged as a prime target for threat actors. Due to the fact that Fortinet products have become an integral aspect of business operations, threat actors will continue to exploit the vulnerabilities of these product types in an attempt to exfiltrate sensitive data contained therein or impact associated business operations.
No attribution to specific threat actors or groups has been identified at the time of writing.
Common Weakness Enumeration (CWE):
CWE-124 – Buffer Underwrite (‘Buffer Underflow’)