FortiOS Remote Code Execution Vulnerability
Date of Notice: 07/12/2023
Action Level - Critical
Fortinet has released updates to remediate a critical vulnerability impacting devices running certain versions of FortiOS and FortiProxy. If exploited it could allow a remote unauthenticated attacker to execute arbitrary code via crafted packets to the device. Due to the serious nature of the vulnerability we recommend investigating potentially impacted devices and updating to a fixed version if you are affected.
- FortiOS 7.2.0 through 7.2.3
- FortiOS 7.0.0 through 7.0.10
- FortiProxy 7.2.0 through 7.2.2
- FortiProxy 7.0.0 through 7.0.9
An attacker with network access to the Fortigate device
There are currently no reported exploits for this vulnerability.
Administrators can mitigate this vulnerability by disabling HTTP/2 support on vulnerable firewall policies as described in the vendor advisory.
Update to a current supported version of FortiOS.