07.12.2023

FortiOS Remote Code Execution Vulnerability

Alert

Date of Notice: 07/12/2023

Action Level - Critical

Description

Fortinet has released updates to remediate a critical vulnerability impacting devices running certain versions of FortiOS and FortiProxy. If exploited, it could allow a remote unauthenticated attacker to execute arbitrary code by sending crafted packets to the device. Due to the serious nature of the vulnerability, we recommend investigating potentially impacted devices and updating to a fixed version if you are affected.

Affected Versions

  • FortiOS 7.2.0 through 7.2.3
  • FortiOS 7.0.0 through 7.0.10
  • FortiProxy 7.2.0 through 7.2.2
  • FortiProxy 7.0.0 through 7.0.9
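
To support the investigation of potentially impacted devices, the following added example (not part of the original alert or of any Fortinet tooling) checks a device inventory against the ranges listed above. The CSV layout, column names, function names and sample hosts are assumptions made for illustration.

```python
import csv
import io
import re

# Affected ranges copied from the "Affected Versions" list in this alert (inclusive).
AFFECTED = {
    "fortios": [((7, 2, 0), (7, 2, 3)), ((7, 0, 0), (7, 0, 10))],
    "fortiproxy": [((7, 2, 0), (7, 2, 2)), ((7, 0, 0), (7, 0, 9))],
}

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")

def classify(product, version):
    """Return 'affected', 'not-listed' or 'unknown' for one inventory entry."""
    ranges = AFFECTED.get(product.strip().lower())
    match = VERSION_RE.match(version.strip())
    if ranges is None or match is None:
        return "unknown"  # unrecognised product or unparseable version: check by hand
    ver = tuple(int(part) for part in match.groups())
    # Tuple comparison is numeric, so 7.0.10 sorts after 7.0.9 (string comparison would not).
    if any(low <= ver <= high for low, high in ranges):
        return "affected"
    # Outside the ranges this alert lists; the alert makes no statement about these versions.
    return "not-listed"

def triage(inventory_csv):
    """Map hostname -> classification for a CSV with hostname,product,version columns."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["hostname"]: classify(row["product"], row["version"]) for row in reader}

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = """hostname,product,version
fw-edge-01,FortiOS,7.2.3
fw-edge-02,FortiOS,7.2.4
fw-branch-07,FortiOS,v7.0.10
proxy-01,FortiProxy,7.0.10
proxy-02,FortiProxy,7.2.2
fw-lab-03,FortiOS,7.0
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A result of "not-listed" only means the version falls outside the ranges in this alert; confirm its status against the vendor advisory.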

Attack Vector

An attacker with network access to the FortiGate device.

Attack Feasibility 

There are currently no reported exploits for this vulnerability.

Mitigation

Administrators can mitigate this vulnerability by disabling HTTP/2 support on vulnerable firewall policies, as described in the vendor advisory.

Remediation

Update to a current supported version of FortiOS.

Vendor Resources

Fortinet PSIRT Advisory


MCNC