Fortinet discloses critical RCE flaw

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Fortinet has disclosed a critical-level vulnerability affecting FortiOS and FortiProxy. The flaw, tracked as CVE-2023-33308 (CVSSv3 score: 9.8), allows for remote code execution (RCE) capabilities on target systems.

Impact

Successful exploitation of CVE-2023-33308 could allow a remote threat actor to execute arbitrary code or commands via crafted packets that reach proxy policies, or firewall policies operating in proxy mode, together with Secure Sockets Layer (SSL) deep packet inspection.

Vulnerability Detection

Fortinet has released security patches for this vulnerability. Product versions prior to the patched releases therefore remain vulnerable to potential exploitation.

Affected Products

  • FortiOS version 7.2.0 through 7.2.3
  • FortiOS version 7.0.0 through 7.0.10
  • FortiProxy version 7.2.0 through 7.2.2
  • FortiProxy version 7.0.0 through 7.0.9

Containment, Mitigations & Remediations

It is strongly recommended that users of the affected product versions apply the following security updates:

  • FortiOS version 7.2.4 or above
  • FortiOS version 7.0.11 or above
  • FortiProxy version 7.2.3 or above
  • FortiProxy version 7.0.10 or above
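The following is an added example, not Fortinet's tooling or part of the original bulletin. It turns the affected-version ranges and fixed releases listed above into a small inventory check: a version string is parsed and compared against each affected range, the minimum fixed release is reported, and the exposure conditions from the Impact section (proxy policies or proxy-mode firewall policies, combined with SSL deep packet inspection) are applied as operator-supplied facts about each device. The hostnames and versions in `SAMPLE_INVENTORY` are constructed for illustration; the ranges in `AFFECTED` are copied from this bulletin.

```python
"""Added example (not Fortinet's code): check FortiOS / FortiProxy versions
against the CVE-2023-33308 affected ranges given in this bulletin and report
the fixed release to upgrade to."""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# (lowest affected, highest affected, fixed release) per branch, as stated
# in the bulletin. Ranges are inclusive at both ends.
AFFECTED: Dict[str, List[Tuple[Version, Version, Version]]] = {
    "FortiOS": [
        ((7, 2, 0), (7, 2, 3), (7, 2, 4)),
        ((7, 0, 0), (7, 0, 10), (7, 0, 11)),
    ],
    "FortiProxy": [
        ((7, 2, 0), (7, 2, 2), (7, 2, 3)),
        ((7, 0, 0), (7, 0, 9), (7, 0, 10)),
    ],
}


def parse_version(text: str) -> Version:
    """Parse '7.2.3' or 'v7.2.3' into a (major, minor, patch) tuple so that
    ordinary tuple comparison gives correct ordering (7.0.10 > 7.0.9)."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def fixed_release(product: str, version: str) -> Optional[Version]:
    """Return the fixed release for an affected version, or None when the
    version is outside every affected range (already patched, or a branch
    the bulletin does not list)."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED.get(product, []):
        if low <= v <= high:
            return fixed
    return None


def assess(product: str, version: str,
           proxy_policies: bool, ssl_deep_inspection: bool) -> dict:
    """Combine the version check with the exposure conditions from the
    Impact section. `proxy_policies` is True when the device has proxy
    policies or proxy-mode firewall policies; `ssl_deep_inspection` is True
    when SSL deep packet inspection is enabled. Both are operator-supplied."""
    fixed = fixed_release(product, version)
    vulnerable_version = fixed is not None
    return {
        "product": product,
        "version": version,
        "vulnerable_version": vulnerable_version,
        "exposed": vulnerable_version and proxy_policies and ssl_deep_inspection,
        "upgrade_to": ".".join(map(str, fixed)) if fixed else None,
    }


# Constructed sample inventory: (host, product, version, proxy policies, SSL DPI).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.2.3", True, True),
    ("fw-edge-02", "FortiOS", "7.2.4", True, True),
    ("fw-branch-01", "FortiOS", "7.0.10", False, True),
    ("proxy-dc-01", "FortiProxy", "7.0.9", True, True),
    ("proxy-dc-02", "FortiProxy", "7.2.3", True, False),
]


def triage(inventory) -> List[dict]:
    """Assess every device and return the results, exposed devices first."""
    results = [dict(host=h, **assess(p, v, pp, dpi)) for h, p, v, pp, dpi in inventory]
    return sorted(results, key=lambda r: (not r["exposed"], not r["vulnerable_version"]))


if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY):
        status = "EXPOSED" if r["exposed"] else ("patch" if r["vulnerable_version"] else "ok")
        print(f'{r["host"]:<14}{r["product"]:<11}{r["version"]:<8}{status:<8}'
              f'{r["upgrade_to"] or ""}')
```

A device on an affected version that does not currently meet the exposure conditions still appears as "patch": the configuration can change, and the bulletin's recommendation is to upgrade regardless.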

Indicators of Compromise

No specific Indicators of Compromise (IoC) are available currently.

Threat Landscape

Fortinet holds a significant share of the networking-hardware market. Because threat actors generally weigh the probability of success against asset value when deciding which attack surfaces to develop exploits for, Fortinet networking hardware has emerged as a prime target. As Fortinet products have become integral to business operations, threat actors will continue to exploit vulnerabilities in these product types in an attempt to exfiltrate the sensitive data they hold or to disrupt associated business operations.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Common Weakness Enumeration (CWE):

CWE-124 – Buffer Underwrite (‘Buffer Underflow’)

Further Information

Fortinet Advisory
