Ekco have been made aware of the following issue with FortiOS: https://www.fortiguard.com/psirt/FG-IR-23-001. We are investigating the issue as a matter of urgency and will be contacting customers to advise what action to take.
Posted Mar 08, 2023 - 21:36 GMT
Investigating
FortiGate/FortiProxy Heap buffer underflow in administrative interface - CVE-2023-25610

Overview

Fortinet have announced a new Critical vulnerability (tracked as CVE-2023-25610) affecting FortiGate firewalls and FortiProxy web proxies. The security flaw is an authentication bypass on the administrative interface that could allow attackers to execute arbitrary code on the device and/or perform a DoS on the GUI.

From Fortinet: "A buffer underwrite ('buffer underflow') vulnerability in FortiOS & FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests," Fortinet explains in a customer support bulletin.

The complete list of products vulnerable to attacks attempting to exploit the CVE-2023-25610 flaw includes:
• FortiOS version 7.2.0 through 7.2.3
• FortiOS version 7.0.0 through 7.0.9
• FortiOS version 6.4.0 through 6.4.11
• FortiOS version 6.2.0 through 6.2.12
• FortiOS 6.0 all versions
• FortiProxy version 7.2.0 through 7.2.2
• FortiProxy version 7.0.0 through 7.0.8
• FortiProxy version 2.0.0 through 2.0.11
• FortiProxy 1.2 all versions
• FortiProxy 1.1 all versions

How do I Remediate?
Recommendation – Prevention

Upgrade FortiOS / FortiProxy to the versions below:
• Please upgrade to FortiOS version 7.4.0 or above
• Please upgrade to FortiOS version 7.2.4 or above
• Please upgrade to FortiOS version 7.0.10 or above
• Please upgrade to FortiOS version 6.4.12 or above
• Please upgrade to FortiOS version 6.2.13 or above
• Please upgrade to FortiProxy version 7.2.3 or above
• Please upgrade to FortiProxy version 7.0.9 or above
• Please upgrade to FortiProxy version 2.0.12 or above
• Please upgrade to FortiOS-6K7K version 7.0.10 or above
• Please upgrade to FortiOS-6K7K version 6.4.12 or above
• Please upgrade to FortiOS-6K7K version 6.2.13 or above
• Disable the exposure of Fortinet management interfaces to the internet if possible
• Limit the IP addresses that can reach the administrative interface using a whitelisting policy

Recommendation - Detection
• Examine the FortiGate/FortiProxy version currently in use to see if it is impacted.
• Use vulnerability scanning tools to detect whether the vulnerability exists.
• Use SIEM to detect possible exploitation attempts on the internet perimeter.

The SOC team are monitoring SIEM tenancies closely to detect any threat activity, and IOCs are being issued from Threat Intelligence sources in real time.
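The first detection step above, checking a device's version against the affected ranges, is easy to get wrong by hand across a fleet. The following is an added example, not Ekco's or Fortinet's code: it encodes the FortiOS and FortiProxy ranges and fixed releases listed in this bulletin (the FortiOS-6K7K builds are omitted because the bulletin gives no separate affected ranges for them) and triages a constructed inventory of version strings as they appear in `get system status` style output.

```python
"""Triage FortiOS / FortiProxy version strings against the CVE-2023-25610
affected ranges and fixed releases listed in this bulletin."""
import re
from typing import List, Optional, Tuple

# Per product: (branch, last affected patch level, first fixed release).
# last_bad = None means every release in that branch is affected and the
# bulletin lists no fixed release for it, so a newer branch is required.
AFFECTED = {
    "FortiOS": [
        ((7, 2), 3, "7.2.4"),
        ((7, 0), 9, "7.0.10"),
        ((6, 4), 11, "6.4.12"),
        ((6, 2), 12, "6.2.13"),
        ((6, 0), None, None),   # FortiOS 6.0 all versions
    ],
    "FortiProxy": [
        ((7, 2), 2, "7.2.3"),
        ((7, 0), 8, "7.0.9"),
        ((2, 0), 11, "2.0.12"),
        ((1, 2), None, None),   # FortiProxy 1.2 all versions
        ((1, 1), None, None),   # FortiProxy 1.1 all versions
    ],
}

def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from strings such as 'v7.0.9,build0444'
    or 'FortiOS 6.4'. A missing patch level is treated as 0 (the oldest)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def check_cve_2023_25610(product: str, version: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, first fixed release in the same branch or None)."""
    major, minor, patch = parse_version(version)
    for branch, last_bad, fixed in AFFECTED[product]:
        if (major, minor) == branch and (last_bad is None or patch <= last_bad):
            return True, fixed
    return False, None   # fixed release, or a branch the bulletin does not list

def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, bool, Optional[str]]]:
    """inventory rows are (hostname, product, raw version string)."""
    return [(host,) + check_cve_2023_25610(prod, ver) for host, prod, ver in inventory]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [("fw-edge-01", "FortiOS", "v7.0.9,build0444"),
          ("fw-edge-02", "FortiOS", "v7.2.4,build1396"),
          ("proxy-01", "FortiProxy", "v2.0.11"),
          ("fw-legacy", "FortiOS", "v6.0.15")]
```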