03.10.2023

FortiOS Remote Code Execution Vulnerability

Alert

Date of Notice: 03/10/2023

Action Level - Critical

Description

Fortinet has disclosed a vulnerability affecting certain versions of FortiOS. If exploited, it could allow a remote unauthenticated attacker to execute arbitrary code or perform a denial-of-service attack on the administrative interface of the device. Due to the serious nature of the vulnerability, we recommend investigating potentially impacted devices and updating to a fixed version if you are affected.

Affected Versions

  • FortiOS version 7.2.0 through 7.2.3
  • FortiOS version 7.0.0 through 7.0.9
  • FortiOS version 6.4.0 through 6.4.11
  • FortiOS version 6.2.0 through 6.2.12
  • FortiOS 6.0 all versions

Note: some Fortinet devices are not vulnerable to the code execution portion of this vulnerability. Please see vendor resources for a full list.
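
Added example (not part of the original alert or of Fortinet's advisory): a Python sketch for triaging a device inventory against the affected ranges listed above. Hostnames and version strings are constructed. "not listed" means only that this alert does not name that version, and the model-specific exceptions in the note above still have to be checked against the vendor's list.

```python
import re

# Affected ranges exactly as listed in this alert: (low, high), inclusive.
AFFECTED_RANGES = [
    ((7, 2, 0), (7, 2, 3)),
    ((7, 0, 0), (7, 0, 9)),
    ((6, 4, 0), (6, 4, 11)),
    ((6, 2, 0), (6, 2, 12)),
]
# "FortiOS 6.0 all versions": any 6.0.x release is affected.
AFFECTED_BRANCHES = [(6, 0)]

# First dotted triple that is not part of a longer dotted number (e.g. an IP).
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Return (major, minor, patch) as integers, or None if no version found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """Return 'affected', 'not listed' or 'unparsed' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unparsed"  # needs manual review; never assume safe
    if version[:2] in AFFECTED_BRANCHES:
        return "affected"
    # Integer tuples compare numerically, so 7.0.10 sorts after 7.0.9
    # (a plain string comparison would get this wrong).
    for low, high in AFFECTED_RANGES:
        if low <= version <= high:
            return "affected"
    return "not listed"

def triage(inventory):
    """Map hostname -> classification for a {hostname: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = {
    "fw-edge-01": "v7.2.3",
    "fw-edge-02": "7.2.4",
    "fw-branch-07": "FortiOS 6.4.11 build2030",
    "fw-lab-03": "6.0.16",
    "fw-dc-01": "v7.0.10",
    "fw-old-09": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:14} {SAMPLE_INVENTORY[host]:26} {status}")
```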

Attack Vector

The vulnerability can be reached by an attacker with network or local access to the FortiOS administrative interface.

Attack Feasibility 

There are currently no known exploits for this vulnerability.

Mitigation

If you are not able to immediately apply the patch, you can mitigate this vulnerability by restricting access to the administrative interface. 

Remediation

Update to a current supported version of FortiOS.

Vendor Resources

Fortinet Security Advisory


MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
© 2024 MCNC