FortiOS Remote Code Execution Vulnerability


Date of Notice: 07/12/2023

Action Level - Critical


Fortinet has released updates to remediate a critical vulnerability impacting devices running certain versions of FortiOS and FortiProxy. If exploited, it could allow a remote unauthenticated attacker to execute arbitrary code via crafted packets to the device. Due to the serious nature of the vulnerability, we recommend investigating potentially impacted devices and updating to a fixed version if you are affected.

Affected Versions

  • FortiOS 7.2.0 through 7.2.3
  • FortiOS 7.0.0 through 7.0.10
  • FortiProxy 7.2.0 through 7.2.2
  • FortiProxy 7.0.0 through 7.0.9

Attack Vector

An attacker with network access to the FortiGate device.

Attack Feasibility 

There are currently no reported exploits for this vulnerability.


Administrators can mitigate this vulnerability by disabling HTTP/2 support on vulnerable firewall policies, as described in the vendor advisory.


Update to a current supported version of FortiOS.

Vendor Resources

Fortinet PSIRT Advisory

© 2024 MCNC