Get in Touch
Fortinet discloses critical RCE vulnerability in FortiOS
Target Industry
Indiscriminate, opportunistic targeting.
Overview
Fortinet has disclosed a critical-level security vulnerability, tracked as CVE-2023-25610 (CVSS v3 score: 9.3), which pertains to a buffer underwrite flaw in the administrative interface of FortiOS products. A duffer underwrite vulnerability occurs when data is written to a buffer storage area in which the size is less than that of the data being written, resulting in data being overwritten to alternative memory locations.
A Proof of Concept (PoC) was released for the flaw on 11th March 2023.
Impact
Successful exploitation of CVE-2023-25610 could allow a remote unauthenticated threat actor to execute code on vulnerable systems using specially crafted requests or perform a denial-of-service (DoS) attack on the graphical user interface (GUI).
Vulnerability Detection
Fortinet has released the required security patches for the vulnerability. As such, previous versions are vulnerable to potential exploitation.
Affected Products
- FortiOS versions 7.2.0 through 7.2.3
- FortiOS versions 7.0.0 through 7.0.9
- FortiOS versions 6.4.0 through 6.4.11
- FortiOS versions 6.2.0 through 6.2.12
- FortiOS 6.0 (all versions)
- FortiProxy versions 7.2.0 through 7.2.2
- FortiProxy versions 7.0.0 through 7.0.8
- FortiProxy versions 2.0.0 through 2.0.11
- FortiProxy 1.2 (all versions)
- FortiProxy 1.1 (all versions)
It should be noted that the following additional products are also affected but only to the DoS component of the vulnerability:
- FortiGateRugged-100C
- FortiGate-100D
- FortiGate-200C
- FortiGate-200D
- FortiGate-300C
- FortiGate-3600A
- FortiGate-5001FA2
- FortiGate-5002FB2
- FortiGate-60D
- FortiGate-620B
- FortiGate-621B
- FortiGate-60D-POE
- FortiWiFi-60D
- FortiWiFi-60D-POE
- FortiGate-300C-Gen2
- FortiGate-300C-DC-Gen2
- FortiGate-300C-LENC-Gen2
- FortiWiFi-60D-3G4G-VZW
- FortiGate-60DH
- FortiWiFi-60DH
- FortiGateRugged-60D
- FortiGate-VM01-Hyper-V
- FortiGate-VM01-KVM
- FortiWiFi-60D-I
- FortiGate-60D-Gen2
- FortiWiFi-60D-J
- FortiGate-60D-3G4G-VZW
- FortiWifi-60D-Gen2
- FortiWifi-60D-Gen2-J
- FortiWiFi-60D-T
- FortiGateRugged-90D
- FortiWifi-60D-Gen2-U
- FortiGate-50E
- FortiWiFi-50E
- FortiGate-51E
- FortiWiFi-51E
- FortiWiFi-50E-2R
- FortiGate-52E
- FortiGate-40F
- FortiWiFi-40F
- FortiGate-40F-3G4G
- FortiWiFi-40F-3G4G
- FortiGate-40F-3G4G-NA
- FortiGate-40F-3G4G-EA
- FortiGate-40F-3G4G-JP
- FortiWiFi-40F-3G4G-NA
- FortiWiFi-40F-3G4G-EA
- FortiWiFi-40F-3G4G-JP
Containment, Mitigations & Remediations
Users are strongly recommended to update the affected products to the following versions:
- FortiOS version 7.4.0 or above
- FortiOS version 7.2.4 or above
- FortiOS version 7.0.10 or above
- FortiOS version 6.4.12 or above
- FortiOS version 6.2.13 or above
- FortiProxy version 7.2.3 or above
- FortiProxy version 7.0.9 or above
- FortiProxy version 2.0.12 or above
- FortiOS-6K7K version 7.0.10 or above
- FortiOS-6K7K version 6.4.12 or above
- FortiOS-6K7K version 6.2.13 or above
Threat Landscape
Fortinet occupies a significant proportion of the networking-hardware market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to develop exploits for, Fortinet networking-hardware products have emerged as a prime target for threat actors. Due to the fact that Fortinet products have become an integral aspect of business operations, threat actors will continue to exploit the vulnerabilities of these product types in an attempt to exfiltrate sensitive data contained therein or impact associated business operations.
The PoC code that was released with regards to the vulnerability means that it is highly likely that threat actors will attempt to exploit vulnerable product versions.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
Mitre Methodologies
Tactics
TA0002 – Execution
Further Information
