FortiOS Remote Code Execution Vulnerability
Date of Notice: 03/10/2023
Action Level - Critical
Fortinet has disclosed a vulnerability affecting certain versions of FortiOS. If exploited, it could allow a remote unauthenticated attacker to execute arbitrary code or perform a denial-of-service attack on the administrative interface of the device. Due to the serious nature of the vulnerability, we recommend investigating potentially impacted devices and updating to a fixed version if you are affected.
- FortiOS version 7.2.0 through 7.2.3
- FortiOS version 7.0.0 through 7.0.9
- FortiOS version 6.4.0 through 6.4.11
- FortiOS version 6.2.0 through 6.2.12
- FortiOS 6.0 all versions
Note: some Fortinet devices are not vulnerable to the code execution portion of this vulnerability. Please see vendor resources for a full list.
The vulnerability can be exploited by an attacker with network or local access to the FortiOS administrative interface.
There are currently no known exploits for this vulnerability.
If you are not able to immediately apply the patch, you can mitigate this vulnerability by restricting access to the administrative interface.
Update to a current supported version of FortiOS.
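To support the recommended investigation of potentially impacted devices, the following added example (not part of the original notice or any Fortinet tooling) checks firmware version strings against the affected ranges listed above. The host names, version-string layout and inventory contents are constructed assumptions; a match does not establish code execution exposure, since the note above says some devices are not vulnerable to that portion.

```python
import re

# Affected ranges copied from this notice: (major, minor) -> (lowest, highest)
# patch level, inclusive. None as the highest means "all versions" of the branch.
AFFECTED = {
    (7, 2): (0, 3),
    (7, 0): (0, 9),
    (6, 4): (0, 11),
    (6, 2): (0, 12),
    (6, 0): (0, None),
}

# Matches "7.2.3" or "v7.2.3"; model names such as "60F" do not match.
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return (major, minor, patch) from a version string, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def is_affected(version):
    """True if the version falls inside a range listed in the notice."""
    major, minor, patch = version
    bounds = AFFECTED.get((major, minor))
    if bounds is None:
        return False  # branch is not listed in the notice
    low, high = bounds
    return patch >= low and (high is None or patch <= high)


def triage(inventory):
    """Map each host to 'affected', 'not listed' or 'unknown'."""
    results = {}
    for host, banner in inventory.items():
        version = parse_version(banner)
        if version is None:
            results[host] = "unknown"  # needs manual review
        else:
            results[host] = "affected" if is_affected(version) else "not listed"
    return results


# Constructed inventory (hypothetical hosts; build numbers are placeholders).
INVENTORY = {
    "fw-edge-01": "FortiGate-60F v7.2.3,build0000 (GA)",
    "fw-edge-02": "FortiGate-100F v7.2.4,build0000 (GA)",
    "fw-branch-01": "v6.4.11",
    "fw-branch-02": "v6.0.16",
    "fw-lab-01": "version string missing",
}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

"not listed" only means the version is outside the ranges in this notice; it is not a statement that the release is supported or otherwise unaffected.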