03.10.2023

FortiOS Remote Code Execution Vulnerability

Alert

Date of Notice: 03/10/2023

Action Level - Critical

Description

Fortinet has disclosed a vulnerability affecting certain versions of FortiOS. If exploited, it could allow a remote unauthenticated attacker to execute arbitrary code or perform a denial-of-service attack on the administrative interface of the device. Due to the serious nature of the vulnerability, we recommend investigating potentially impacted devices and updating to a fixed version if you are affected.

Affected Versions

Note: some Fortinet devices are not vulnerable to the code execution portion of this vulnerability. Please see vendor resources for a full list.

Attack Vector

An attacker with network or local access to the FortiOS administrative interface.

Attack Feasibility

There are currently no known exploits for this vulnerability.

Mitigation

If you are not able to immediately apply the patch, you can mitigate this vulnerability by restricting access to the administrative interface.

Remediation

Update to a current supported version of FortiOS.

Vendor Resources

Fortinet Security Advisory

© 2023 MCNC