VTA-00440 – FortiOS/FortiProxy Security Alert: New Vulnerability Could Expose Devices to Remote Attacks
The vulnerability identified as CVE-2023-25610 has been given a severity rating of 9.3 out of 10 and was discovered and reported internally by Fortinet’s security teams. A buffer underwrite vulnerability, also known as a “buffer underflow”, has been found in the FortiOS and FortiProxy administrative interface, which could allow a remote, unauthenticated attacker to run arbitrary code on the device or launch a denial-of-service attack against the graphical user interface (GUI). Underflow bugs occur when the input data is shorter than the reserved space, which can cause unpredictable behavior, sensitive data leakage, or memory corruption that may be weaponized to induce a crash or execute arbitrary code.
Fortinet has not identified any malicious attempts to exploit this vulnerability. Nonetheless, it is critical for users to apply the necessary patches promptly since previous software flaws have been actively exploited in the past.
As a temporary workaround, Fortinet recommends disabling the HTTP/HTTPS administrative interface or restricting the IP addresses that can access it. To permanently address this issue, it is advisable to upgrade to FortiOS version 7.4.0 or later and FortiOS-6K7K version 7.0.10 or later.
Severity:
High
Attack Surfaces:
Infrastructure, IoT, Others
Tactics:
Defense Evasion, Impact, Initial Access
Techniques:
T1059 – Command and Scripting Interpreter
T1562 – Impair Defenses
T1204 – User Execution
Indicator of Compromise:
https://otx.alienvault.com/pulse/640cc1613068d1a9fc7dc6d3
SuperPRO’s Threat Countermeasures Procedures:
1. Apply the most recent security patch released by Fortinet.
– Please upgrade to FortiOS version 7.4.0 or above
– Please upgrade to FortiOS version 7.2.4 or above
– Please upgrade to FortiOS version 7.0.10 or above
– Please upgrade to FortiOS version 6.4.12 or above
– Please upgrade to FortiOS version 6.2.13 or above
– Please upgrade to FortiProxy version 7.2.3 or above
– Please upgrade to FortiProxy version 7.0.9 or above
– Please upgrade to FortiOS-6K7K version 7.0.10 or above
– Please upgrade to FortiOS-6K7K version 6.4.12 or above
– Please upgrade to FortiOS-6K7K version 6.2.13 or above
2. Implement network segmentation to prevent attackers from moving laterally.
3. Critical asset access controls are closely monitored and kept behind a firewall.
4. Implement secure backup, archiving, and recovery processes on a regular basis within the organization.
Contributed by: Wan
Leave a Reply