Update - Ekco have been made aware of the following issue with Forti OS https://www.fortiguard.com/psirt/FG-IR-23-001 we are investigating the issue as a matter of urgency and will be contacting customers to advise what action to take.
Mar 08, 2023 - 21:36 GMT
Mar 08, 2023 - 21:36 GMT
Investigating - FortiGate/FortiProxy Heap buffer underflow in administrative interface - CVE-2023-25610
Overview
Fortinet have announced a new Critical vulnerability (tracked as CVE-2023-25610) affecting FortiGate firewalls and FortiProxy web proxies. The security flaw is an authentication bypass on the administrative interface that could allow attackers execute arbitrary code on the device and/or perform a DoS on the GUI.
From Fortinet - " A buffer underwrite ('buffer underflow') vulnerability in FortiOS & FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests.," Fortinet explains in a customer support bulletin issued.
The complete list of products vulnerable to attacks attempting to exploit the CVE-2023-25610 flaw includes:
• FortiOS version 7.2.0 through 7.2.3
• FortiOS version 7.0.0 through 7.0.9
• FortiOS version 6.4.0 through 6.4.11
• FortiOS version 6.2.0 through 6.2.12
• FortiOS 6.0 all versions
• FortiProxy version 7.2.0 through 7.2.2
• FortiProxy version 7.0.0 through 7.0.8
• FortiProxy version 2.0.0 through 2.0.11
• FortiProxy 1.2 all versions
• FortiProxy 1.1 all versions
How do I Remediate?
Recommendation – Prevention
Upgrade FortiOS to the versions below:
• Please upgrade to FortiOS version 7.4.0 or above
• Please upgrade to FortiOS version 7.2.4 or above
• Please upgrade to FortiOS version 7.0.10 or above
• Please upgrade to FortiOS version 6.4.12 or above
• Please upgrade to FortiOS version 6.2.13 or above
• Please upgrade to FortiProxy version 7.2.3 or above
• Please upgrade to FortiProxy version 7.0.9 or above
• Please upgrade to FortiProxy version 2.0.12 or above
• Please upgrade to FortiOS-6K7K version 7.0.10 or above
• Please upgrade to FortiOS-6K7K version 6.4.12 or above
• Please upgrade to FortiOS-6K7K version 6.2.13 or above
• Disable the exposure of Fortinet management interfaces to the internet if possible
• Limit IP addresses that can reach the administrative interface using a whitelisting policy.
Recommendation - Detection
• Examine currently FortiGate/FortiProxy version in use to see if impacted.
• Use vulnerability scanning tools to detect if vulnerability exists.
• Use SIEM to detect possible exploitation attempts on the internet perimeter.
The SOC team are monitoring SIEM tenancies closely to detect any threat activity & IOCs are being issued from Threat Intelligence sources in real time.
Mar 08, 2023 - 21:34 GMT
Overview
Fortinet have announced a new Critical vulnerability (tracked as CVE-2023-25610) affecting FortiGate firewalls and FortiProxy web proxies. The security flaw is an authentication bypass on the administrative interface that could allow attackers execute arbitrary code on the device and/or perform a DoS on the GUI.
From Fortinet - " A buffer underwrite ('buffer underflow') vulnerability in FortiOS & FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests.," Fortinet explains in a customer support bulletin issued.
The complete list of products vulnerable to attacks attempting to exploit the CVE-2023-25610 flaw includes:
• FortiOS version 7.2.0 through 7.2.3
• FortiOS version 7.0.0 through 7.0.9
• FortiOS version 6.4.0 through 6.4.11
• FortiOS version 6.2.0 through 6.2.12
• FortiOS 6.0 all versions
• FortiProxy version 7.2.0 through 7.2.2
• FortiProxy version 7.0.0 through 7.0.8
• FortiProxy version 2.0.0 through 2.0.11
• FortiProxy 1.2 all versions
• FortiProxy 1.1 all versions
How do I Remediate?
Recommendation – Prevention
Upgrade FortiOS to the versions below:
• Please upgrade to FortiOS version 7.4.0 or above
• Please upgrade to FortiOS version 7.2.4 or above
• Please upgrade to FortiOS version 7.0.10 or above
• Please upgrade to FortiOS version 6.4.12 or above
• Please upgrade to FortiOS version 6.2.13 or above
• Please upgrade to FortiProxy version 7.2.3 or above
• Please upgrade to FortiProxy version 7.0.9 or above
• Please upgrade to FortiProxy version 2.0.12 or above
• Please upgrade to FortiOS-6K7K version 7.0.10 or above
• Please upgrade to FortiOS-6K7K version 6.4.12 or above
• Please upgrade to FortiOS-6K7K version 6.2.13 or above
• Disable the exposure of Fortinet management interfaces to the internet if possible
• Limit IP addresses that can reach the administrative interface using a whitelisting policy.
Recommendation - Detection
• Examine currently FortiGate/FortiProxy version in use to see if impacted.
• Use vulnerability scanning tools to detect if vulnerability exists.
• Use SIEM to detect possible exploitation attempts on the internet perimeter.
The SOC team are monitoring SIEM tenancies closely to detect any threat activity & IOCs are being issued from Threat Intelligence sources in real time.
Mar 08, 2023 - 21:34 GMT
Update - Please note that the list of affected FortiOS versions has been revised as per the below.
Affected products are as follows:
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS version 6.0.0 through 6.0.15
FortiOS version 5.6.0 through 5.6.14
FortiOS version 5.4.0 through 5.4.13
FortiOS version 5.2.0 through 5.2.15
FortiOS version 5.0.0 through 5.0.14
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14
Solutions are as follows:
Please upgrade to FortiOS version 7.2.3 or above
Please upgrade to FortiOS version 7.0.9 or above
Please upgrade to FortiOS version 6.4.11 or above
Please upgrade to FortiOS version 6.2.12 or above
Please upgrade to upcoming FortiOS version 6.0.16 or above
Please upgrade to upcoming FortiOS-6K7K version 7.0.8 or above
Please upgrade to FortiOS-6K7K version 6.4.10 or above
Please upgrade to upcoming FortiOS-6K7K version 6.2.12 or above
Please upgrade to FortiOS-6K7K version 6.0.15 or above
Dec 14, 2022 - 14:35 GMT
Affected products are as follows:
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS version 6.0.0 through 6.0.15
FortiOS version 5.6.0 through 5.6.14
FortiOS version 5.4.0 through 5.4.13
FortiOS version 5.2.0 through 5.2.15
FortiOS version 5.0.0 through 5.0.14
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14
Solutions are as follows:
Please upgrade to FortiOS version 7.2.3 or above
Please upgrade to FortiOS version 7.0.9 or above
Please upgrade to FortiOS version 6.4.11 or above
Please upgrade to FortiOS version 6.2.12 or above
Please upgrade to upcoming FortiOS version 6.0.16 or above
Please upgrade to upcoming FortiOS-6K7K version 7.0.8 or above
Please upgrade to FortiOS-6K7K version 6.4.10 or above
Please upgrade to upcoming FortiOS-6K7K version 6.2.12 or above
Please upgrade to FortiOS-6K7K version 6.0.15 or above
Dec 14, 2022 - 14:35 GMT
Identified - For all customers who subscribe to a Managed Firewall service, Ekco will be in contact to arrange a firmware upgrade, should this be required.
For any customers that manage their own FortiGate firewalls and their upgrades, please note the following:
Affected products are as follows:
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14
Solutions are as follows:
Please upgrade to FortiOS version 7.2.3 or above
Please upgrade to FortiOS version 7.0.9 or above
Please upgrade to FortiOS version 6.4.11 or above
Please upgrade to FortiOS version 6.2.12 or above
Please upgrade to FortiOS-6K7K version 7.0.8 or above
Please upgrade to FortiOS-6K7K version 6.4.10 or above
Please upgrade to FortiOS-6K7K version 6.2.12 or above
Please upgrade to FortiOS-6K7K version 6.0.15 or above
Should you have any questions or concerns, please reach out to Ekco Support via support@ek.co or call +44 1273 987 920.
Dec 12, 2022 - 23:23 GMT
For any customers that manage their own FortiGate firewalls and their upgrades, please note the following:
Affected products are as follows:
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14
Solutions are as follows:
Please upgrade to FortiOS version 7.2.3 or above
Please upgrade to FortiOS version 7.0.9 or above
Please upgrade to FortiOS version 6.4.11 or above
Please upgrade to FortiOS version 6.2.12 or above
Please upgrade to FortiOS-6K7K version 7.0.8 or above
Please upgrade to FortiOS-6K7K version 6.4.10 or above
Please upgrade to FortiOS-6K7K version 6.2.12 or above
Please upgrade to FortiOS-6K7K version 6.0.15 or above
Should you have any questions or concerns, please reach out to Ekco Support via support@ek.co or call +44 1273 987 920.
Dec 12, 2022 - 23:23 GMT
Investigating - Ekco have been made aware of the following issue with Forti OS https://fortiguard.fortinet.com/psirt/FG-IR-22-398 we are investigating the issue as a matter of urgency and will be contacting customers to advise what action to take.
Dec 12, 2022 - 20:36 GMT
Dec 12, 2022 - 20:36 GMT
Investigating - VMware support have advised a local privilege escalation vulnerability that affects our Telehouse West and Slough vCloud platforms. The vulnerability is for VM Tools component which runs on the virtual machines. Updates are available to remediate the vulnerability. More information about the vulnerability can be found here: https://www.vmware.com/security/advisories/VMSA-2022-0024.html If you manage your own guest OS please update VM tools versions to 12.1.0 and 10.3.25 (for older version 10 VM Tools). We will be in touch with all managed customers with list of affected virtual machines and coordinating update schedule
Aug 25, 2022 - 12:45 BST
Aug 25, 2022 - 12:45 BST
About This Site
Welcome to the Ekco Cloud UK Status Page. If you have any questions, please email us at support@ek.co.
Cloud
Operational
Compute
?
Operational
Storage
?
Operational
Management
?
Operational
Backup & DR
Operational
Veeam Cloud Connect
?
Operational
Zerto
?
Operational
Network
Operational
External Transit
?
Operational
AWS Direct Connect
?
Operational
Private Interconnect
Operational
Datacenter Interconnect
Operational
Public Peering
Operational
Papertrail Log Collection
Operational
AWS cloudfront
Operational
AWS route53
Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance