Update - Ekco have been made aware of the following issue with FortiOS: https://www.fortiguard.com/psirt/FG-IR-23-001. We are investigating the issue as a matter of urgency and will be contacting customers to advise what action to take.
Mar 08, 2023 - 21:36 GMT
Investigating - FortiGate/FortiProxy Heap buffer underflow in administrative interface - CVE-2023-25610

Overview

Fortinet have announced a new Critical vulnerability (tracked as CVE-2023-25610) affecting FortiGate firewalls and FortiProxy web proxies. The security flaw is an authentication bypass on the administrative interface that could allow attackers to execute arbitrary code on the device and/or perform a DoS on the GUI.

From Fortinet - "A buffer underwrite ('buffer underflow') vulnerability in FortiOS & FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests," Fortinet explains in a customer support bulletin.

The complete list of products vulnerable to attacks attempting to exploit the CVE-2023-25610 flaw includes:
• FortiOS version 7.2.0 through 7.2.3
• FortiOS version 7.0.0 through 7.0.9
• FortiOS version 6.4.0 through 6.4.11
• FortiOS version 6.2.0 through 6.2.12
• FortiOS 6.0 all versions
• FortiProxy version 7.2.0 through 7.2.2
• FortiProxy version 7.0.0 through 7.0.8
• FortiProxy version 2.0.0 through 2.0.11
• FortiProxy 1.2 all versions
• FortiProxy 1.1 all versions

How do I Remediate?

Recommendation – Prevention

Upgrade FortiOS to the versions below:
• Please upgrade to FortiOS version 7.4.0 or above
• Please upgrade to FortiOS version 7.2.4 or above
• Please upgrade to FortiOS version 7.0.10 or above
• Please upgrade to FortiOS version 6.4.12 or above
• Please upgrade to FortiOS version 6.2.13 or above
• Please upgrade to FortiProxy version 7.2.3 or above
• Please upgrade to FortiProxy version 7.0.9 or above
• Please upgrade to FortiProxy version 2.0.12 or above
• Please upgrade to FortiOS-6K7K version 7.0.10 or above
• Please upgrade to FortiOS-6K7K version 6.4.12 or above
• Please upgrade to FortiOS-6K7K version 6.2.13 or above
• Disable the exposure of Fortinet management interfaces to the internet if possible
• Limit the IP addresses that can reach the administrative interface using a whitelisting policy.

Recommendation - Detection
• Examine the FortiGate/FortiProxy version currently in use to see if it is impacted.
• Use vulnerability scanning tools to detect whether the vulnerability exists.
• Use SIEM to detect possible exploitation attempts on the internet perimeter.

The SOC team are monitoring SIEM tenancies closely to detect any threat activity, and IOCs are being issued from Threat Intelligence sources in real time.
Mar 08, 2023 - 21:34 GMT
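For the "examine the version currently in use" step in the entry above, the following added example (not Ekco or Fortinet tooling) checks an inventory against the affected FortiOS and FortiProxy branches listed in that entry. The function names, hostnames and version strings are constructed for illustration.

```python
import re

# Affected branches from the 8 March 2023 entry (CVE-2023-25610).
# Key: (major, minor) branch; value: last affected patch, None = all versions.
# On this page every fixed release is the patch after the last affected one.
AFFECTED = {
    "FortiOS": {(7, 2): 3, (7, 0): 9, (6, 4): 11, (6, 2): 12, (6, 0): None},
    "FortiProxy": {(7, 2): 2, (7, 0): 8, (2, 0): 11, (1, 2): None, (1, 1): None},
}
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def triage(product, version_text):
    """Return (status, detail) for one device against the table above."""
    branches = AFFECTED.get(product)
    match = VERSION_RE.search(version_text)
    if branches is None or match is None:
        return ("unknown", "unrecognised product or version; check manually")
    major, minor, patch = (int(part) for part in match.groups())
    if (major, minor) not in branches:
        return ("not listed", "branch is not in the advisory; verify with the vendor")
    last_bad = branches[(major, minor)]
    if last_bad is None:
        return ("affected", "all versions of this branch; move to a fixed branch")
    if patch <= last_bad:
        return ("affected", f"upgrade to {major}.{minor}.{last_bad + 1} or above")
    return ("fixed", "at or above the fixed release for this branch")


# Constructed inventory: hostnames and version strings are invented samples.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.0.9"),
    ("fw-edge-02", "FortiOS", "v7.2.4"),
    ("fw-branch-03", "FortiOS", "v6.0.16"),
    ("fw-lab-04", "FortiOS", "v5.6.14"),
    ("proxy-01", "FortiProxy", "v2.0.12"),
    ("proxy-02", "FortiProxy", "unknown"),
]


def report(inventory):
    """Map each hostname to its (status, detail) triage result."""
    return {host: triage(product, text) for host, product, text in inventory}


if __name__ == "__main__":
    for host, (status, detail) in report(INVENTORY).items():
        print(f"{host:13} {status:11} {detail}")
```

A "not listed" result only means the branch does not appear in the list above; it is not a statement that the release is unaffected.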
Update - Please note that the list of affected FortiOS versions has been revised as per the below.
Affected products are as follows:
• FortiOS version 7.2.0 through 7.2.2
• FortiOS version 7.0.0 through 7.0.8
• FortiOS version 6.4.0 through 6.4.10
• FortiOS version 6.2.0 through 6.2.11
• FortiOS version 6.0.0 through 6.0.15
• FortiOS version 5.6.0 through 5.6.14
• FortiOS version 5.4.0 through 5.4.13
• FortiOS version 5.2.0 through 5.2.15
• FortiOS version 5.0.0 through 5.0.14
• FortiOS-6K7K version 7.0.0 through 7.0.7
• FortiOS-6K7K version 6.4.0 through 6.4.9
• FortiOS-6K7K version 6.2.0 through 6.2.11
• FortiOS-6K7K version 6.0.0 through 6.0.14
Solutions are as follows:
• Please upgrade to FortiOS version 7.2.3 or above
• Please upgrade to FortiOS version 7.0.9 or above
• Please upgrade to FortiOS version 6.4.11 or above
• Please upgrade to FortiOS version 6.2.12 or above
• Please upgrade to upcoming FortiOS version 6.0.16 or above
• Please upgrade to upcoming FortiOS-6K7K version 7.0.8 or above
• Please upgrade to FortiOS-6K7K version 6.4.10 or above
• Please upgrade to upcoming FortiOS-6K7K version 6.2.12 or above
• Please upgrade to FortiOS-6K7K version 6.0.15 or above
Dec 14, 2022 - 14:35 GMT
Identified - For all customers who subscribe to a Managed Firewall service, Ekco will be in contact to arrange a firmware upgrade, should this be required.
For any customers that manage their own FortiGate firewalls and their upgrades, please note the following:
Affected products are as follows:
• FortiOS version 7.2.0 through 7.2.2
• FortiOS version 7.0.0 through 7.0.8
• FortiOS version 6.4.0 through 6.4.10
• FortiOS version 6.2.0 through 6.2.11
• FortiOS-6K7K version 7.0.0 through 7.0.7
• FortiOS-6K7K version 6.4.0 through 6.4.9
• FortiOS-6K7K version 6.2.0 through 6.2.11
• FortiOS-6K7K version 6.0.0 through 6.0.14
Solutions are as follows:
• Please upgrade to FortiOS version 7.2.3 or above
• Please upgrade to FortiOS version 7.0.9 or above
• Please upgrade to FortiOS version 6.4.11 or above
• Please upgrade to FortiOS version 6.2.12 or above
• Please upgrade to FortiOS-6K7K version 7.0.8 or above
• Please upgrade to FortiOS-6K7K version 6.4.10 or above
• Please upgrade to FortiOS-6K7K version 6.2.12 or above
• Please upgrade to FortiOS-6K7K version 6.0.15 or above
Should you have any questions or concerns, please reach out to Ekco Support via support@ek.co or call +44 1273 987 920.
Dec 12, 2022 - 23:23 GMT
Investigating - Ekco have been made aware of the following issue with FortiOS: https://fortiguard.fortinet.com/psirt/FG-IR-22-398. We are investigating the issue as a matter of urgency and will be contacting customers to advise what action to take.
Dec 12, 2022 - 20:36 GMT
Investigating - VMware support have advised of a local privilege escalation vulnerability that affects our Telehouse West and Slough vCloud platforms. The vulnerability is in the VM Tools component, which runs on the virtual machines. Updates are available to remediate the vulnerability. More information about the vulnerability can be found here: https://www.vmware.com/security/advisories/VMSA-2022-0024.html

If you manage your own guest OS, please update VM Tools versions to 12.1.0 and 10.3.25 (for older version 10 VM Tools). We will be in touch with all managed customers with a list of affected virtual machines and to coordinate an update schedule.
Aug 25, 2022 - 12:45 BST
Completed -
The scheduled maintenance has been completed.
May 19, 17:01 BST
In progress -
Scheduled maintenance is currently in progress. We will provide updates as necessary.
May 19, 14:00 BST
Scheduled -
We will be renewing certificates for our Veeam Cloud Connect service. New certificates will be applied and accepted soon after. No action will be required.
May 18, 17:36 BST