FortiOS Remote Code Execution Vulnerability

  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 03/10/2023

Action Level - Critical


Fortinet has disclosed a vulnerability affecting certain versions of FortiOS. If exploited it could allow a remote unauthenticated attacker to execute arbitrary code or perform a denial of service attack on the administrative interface of the device. Due to the serious nature of the vulnerability we recommend investigating potentially impacted devices and updating to a fixed version if you are affected.

Affected Versions

  • FortiOS version 7.2.0 through 7.2.3
  • FortiOS version 7.0.0 through 7.0.9
  • FortiOS version 6.4.0 through 6.4.11
  • FortiOS version 6.2.0 through 6.2.12
  • FortiOS 6.0 all versions

Note: some Fortinet devices are not vulnerable to the code execution portion of this vulnerability. Please see vendor resources for a full list.

Attack Vector

An attacker with network or local access to the FortiOS administrative interface.

Attack Feasibility 

There are currently no known exploits for this vulnerability


If you are not able to immediately apply the patch, you can mitigate this vulnerability by restricting access to the administrative interface. 


Update to a current supported version of FortiOS.

Vendor Resources

Fortinet Security Advisory

<-- Return to Cybersecurity Alerts...

PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC