Advisory March 9, 2023

FortiOS / FortiProxy – Heap buffer underflow in administrative interface (CVE-2023-25610)

The Obrela SOC Team

Fortinet has published a critical vulnerability (CVE-2023-25610), a heap buffer underflow in the administrative interface of FortiOS and FortiProxy, that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service (DoS) on the GUI.

Fortinet states that it is not currently aware of any instances of active exploitation in the wild.

Affected Devices:

FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.11
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
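
As an added example (not from the advisory or from Fortinet), the following Python check compares a FortiOS or FortiProxy version string against the affected ranges listed above, so an asset inventory can be screened before patching. The range table is transcribed from this advisory; it assumes versions are written as dotted integers (an optional leading "v" is accepted), and a result of "not affected" only means the version is outside the listed ranges.

```python
from typing import Optional, Tuple

# Affected ranges transcribed from the advisory above.
# (low, high) is inclusive; high=None means "all versions" of that branch.
AFFECTED = {
    "FortiOS": [("7.2.0", "7.2.3"), ("7.0.0", "7.0.9"), ("6.4.0", "6.4.11"),
                ("6.2.0", "6.2.12"), ("6.0", None)],
    "FortiProxy": [("7.2.0", "7.2.2"), ("7.0.0", "7.0.8"), ("2.0.0", "2.0.11"),
                   ("1.2", None), ("1.1", None)],
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse 'v7.0.9' or '7.0.9' into (7, 0, 9); rejects anything non-numeric."""
    cleaned = text.strip().lower().lstrip("v")
    parts = cleaned.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(p) for p in parts)


def affected_range(product: str, version: str) -> Optional[str]:
    """Return the advisory range that covers `version`, or None if none does.

    Versions are compared component-wise as integer tuples, so 7.0.10 sorts
    after 7.0.9 (a plain string comparison would get this wrong).
    """
    if product not in AFFECTED:
        raise ValueError(f"unknown product: {product!r}")
    ver = parse_version(version)
    for low, high in AFFECTED[product]:
        low_t = parse_version(low)
        if high is None:
            # Whole branch affected: match on the leading components only.
            if ver[: len(low_t)] == low_t:
                return f"{low} all versions"
        elif low_t <= ver <= parse_version(high):
            return f"{low} through {high}"
    return None


def is_affected(product: str, version: str) -> bool:
    """True if the advisory lists this product version as affected."""
    return affected_range(product, version) is not None


if __name__ == "__main__":
    # Constructed sample inventory entries, not real device data.
    for prod, ver in [("FortiOS", "7.0.9"), ("FortiOS", "7.0.10"), ("FortiProxy", "1.2.5")]:
        print(prod, ver, affected_range(prod, ver))
```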

Kindly apply the relevant patches as soon as possible, or, where patching is not immediately possible, apply the workaround described in the Fortinet PSIRT advisory referenced below.

Reference:

https://www.fortiguard.com/psirt/FG-IR-23-001

The Threat Hunting and SOC teams of OBRELA remain vigilant and continue to monitor for activity related to this vulnerability.