Critical Remote Code Execution Vulnerability Detected in Fortinet’s FortiOS and FortiProxy Devices

July 12, 2023

Fortinet, a leading cybersecurity solutions provider, has reported a critical severity flaw in its FortiOS and FortiProxy devices. This vulnerability, identified as CVE-2023-33308, could potentially allow a remote attacker to execute arbitrary code on the affected devices. The flaw was unearthed by cybersecurity firm Watchtowr and has been rated as 'critical' with a CVS v3 score of 9.8 out of 10.0.

According to the advisory issued by Fortinet, the vulnerability is a stack-based overflow flaw (CWE-124) present in FortiOS & FortiProxy. This could potentially allow a remote attacker to execute arbitrary code or command via specially crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. A stack-based overflow is a type of security issue that occurs when a program writes more data to a buffer located on the stack (memory region) than what is allocated for the buffer, causing the data to overflow to adjacent memory locations.

Attackers can exploit these types of vulnerabilities by sending specially crafted input that exceeds the buffer's capacity, overwriting critical memory parameters related to functions, and thereby achieving malicious code execution. The flaw affects several versions of FortiOS. However, Fortinet has clarified that the issue was resolved in a previous release without a corresponding advisory, so it does not impact the latest release branch, FortiOS 7.4.

Fixes for CVE-2023-33308 have been provided in various versions. The Fortinet advisory has clarified that FortiOS products from the 6.0, 6.2, 6.4, 2.x, and 1.x release branches are not impacted by CVE-2023-33308. The Cybersecurity and Infrastructure Security Agency (CISA) has also published an alert about the vulnerability, urging affected organizations to apply the available security update.

If administrators are unable to apply the new firmware immediately, Fortinet suggests disabling HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode as a temporary workaround. Fortinet has provided an example of a custom-deep-inspection profile that disabled HTTP/2 support.

Another FortiOS buffer overflow vulnerability, tracked as CVE-2023-27997, has recently underscored the issue of patch lag. Offensive security solutions firm Bishop Fox reported finding 335,900 vulnerable FortiGate firewalls exposed on the internet, a whole month after the vendor made a fix available for the actively exploited bug.

Threat actors are always on the lookout for critical-severity flaws impacting Fortinet products, especially those that require no authentication to exploit, as they offer an easy route to gain initial access to valuable corporate networks. Therefore, users and administrators of products running FortiOS are strongly advised to check their software release and ensure that they're running a safe version.

Related News

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.