FortiOS / FortiProxy - Heap buffer underflow in administrative interface - CVE-2023-25610
Incident Report for Ekco UK
Resolved
This incident has been resolved.
Posted Oct 30, 2023 - 16:01 GMT
Update
Ekco have been made aware of the following issue with FortiOS (https://www.fortiguard.com/psirt/FG-IR-23-001). We are investigating the issue as a matter of urgency and will be contacting customers to advise what action to take.
Posted Mar 08, 2023 - 21:36 GMT
Investigating
FortiGate/FortiProxy Heap buffer underflow in administrative interface - CVE-2023-25610
Overview
Fortinet has announced a new Critical vulnerability (tracked as CVE-2023-25610) affecting FortiGate firewalls and FortiProxy web proxies. The security flaw is an authentication bypass on the administrative interface that could allow attackers to execute arbitrary code on the device and/or perform a DoS on the GUI.
From Fortinet: "A buffer underwrite ('buffer underflow') vulnerability in FortiOS & FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests," Fortinet explains in a customer support bulletin.
The complete list of products vulnerable to attacks attempting to exploit the CVE-2023-25610 flaw includes:
• FortiOS version 7.2.0 through 7.2.3
• FortiOS version 7.0.0 through 7.0.9
• FortiOS version 6.4.0 through 6.4.11
• FortiOS version 6.2.0 through 6.2.12
• FortiOS 6.0 all versions
• FortiProxy version 7.2.0 through 7.2.2
• FortiProxy version 7.0.0 through 7.0.8
• FortiProxy version 2.0.0 through 2.0.11
• FortiProxy 1.2 all versions
• FortiProxy 1.1 all versions
How do I Remediate?
Recommendation – Prevention
Upgrade FortiOS or FortiProxy to a fixed version for the branch in use:
• Please upgrade to FortiOS version 7.4.0 or above
• Please upgrade to FortiOS version 7.2.4 or above
• Please upgrade to FortiOS version 7.0.10 or above
• Please upgrade to FortiOS version 6.4.12 or above
• Please upgrade to FortiOS version 6.2.13 or above
• Please upgrade to FortiProxy version 7.2.3 or above
• Please upgrade to FortiProxy version 7.0.9 or above
• Please upgrade to FortiProxy version 2.0.12 or above
• Please upgrade to FortiOS-6K7K version 7.0.10 or above
• Please upgrade to FortiOS-6K7K version 6.4.12 or above
• Please upgrade to FortiOS-6K7K version 6.2.13 or above
Until the upgrade is applied, reduce the exposure of the administrative interface:
• Disable the exposure of Fortinet management interfaces to the internet if possible
• Limit the IP addresses that can reach the administrative interface using a whitelisting policy.
Recommendation - Detection
• Examine the FortiGate/FortiProxy version currently in use to see if it is impacted.
• Use vulnerability scanning tools to detect whether the vulnerability exists.
• Use SIEM to detect possible exploitation attempts on the internet perimeter.
The SOC team is monitoring SIEM tenancies closely to detect any threat activity, and IOCs are being issued from Threat Intelligence sources in real time.
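The first detection step above (checking the version in use against the affected list) is easy to get wrong by hand across a fleet, because the affected ranges and fixed builds differ per branch. The following added example, which is not part of the Ekco advisory or of any Fortinet tooling, encodes the affected ranges and fixed versions exactly as listed in this report and triages a constructed device inventory against them. The inventory hostnames and versions are made up for illustration, and the `999` upper bound used for the "all versions" branches is an assumption so that any build on those branches compares as affected.

```python
# Added example: triage FortiOS / FortiProxy versions against the affected
# ranges and fixed builds that the advisory above lists for CVE-2023-25610.
# Not Ekco's or Fortinet's code; version data copied from the advisory text.


def parse_version(v: str) -> tuple[int, ...]:
    """'7.0.9' -> (7, 0, 9). Tolerates a leading 'v' and a trailing build token
    such as '7.0.10 build0450' (only the dotted part is compared)."""
    dotted = v.strip().lower().split()[0].removeprefix("v")
    return tuple(int(part) for part in dotted.split("."))


# Affected ranges per the advisory, inclusive on both ends.
# "all versions" of a branch is expressed with an assumed 999 upper bound.
AFFECTED = {
    "fortios": [
        ((7, 2, 0), (7, 2, 3)),
        ((7, 0, 0), (7, 0, 9)),
        ((6, 4, 0), (6, 4, 11)),
        ((6, 2, 0), (6, 2, 12)),
        ((6, 0, 0), (6, 0, 999)),   # FortiOS 6.0 all versions
    ],
    "fortiproxy": [
        ((7, 2, 0), (7, 2, 2)),
        ((7, 0, 0), (7, 0, 8)),
        ((2, 0, 0), (2, 0, 11)),
        ((1, 2, 0), (1, 2, 999)),   # FortiProxy 1.2 all versions
        ((1, 1, 0), (1, 1, 999)),   # FortiProxy 1.1 all versions
    ],
}

# First fixed build on each branch per the advisory. Branches with no fixed
# build listed (FortiOS 6.0, FortiProxy 1.x) map to None: the remediation
# there is to move to a supported branch rather than patch in place.
FIXED = {
    "fortios": {(7, 2): (7, 2, 4), (7, 0): (7, 0, 10), (6, 4): (6, 4, 12),
                (6, 2): (6, 2, 13), (6, 0): None},
    "fortiproxy": {(7, 2): (7, 2, 3), (7, 0): (7, 0, 9), (2, 0): (2, 0, 12),
                   (1, 2): None, (1, 1): None},
}


def is_affected(product: str, version: str) -> bool:
    """True when the version falls inside a listed affected range.
    Versions outside every listed range are reported as not listed, which is
    not the same as verified safe; check the vendor advisory for those."""
    ver = parse_version(version)
    return any(low <= ver <= high for low, high in AFFECTED[product.lower()])


def recommended_upgrade(product: str, version: str):
    """Fixed build for the device's branch, None if not affected, or a
    migration note when the branch has no fixed build."""
    if not is_affected(product, version):
        return None
    fixed = FIXED[product.lower()].get(parse_version(version)[:2])
    if fixed is None:
        return "no fixed build on this branch: migrate to a supported branch"
    return ".".join(str(n) for n in fixed)


# Constructed sample inventory (hostname, product, version); not real devices.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.9"),
    ("fw-edge-02", "FortiOS", "7.0.10 build0450"),
    ("fw-branch-03", "FortiOS", "6.0.15"),
    ("proxy-01", "FortiProxy", "7.2.2"),
    ("proxy-02", "FortiProxy", "2.0.12"),
]


def triage(inventory):
    """One (host, affected, action) row per device in the inventory."""
    return [(host, is_affected(p, v), recommended_upgrade(p, v))
            for host, p, v in inventory]


if __name__ == "__main__":
    for host, affected, action in triage(SAMPLE_INVENTORY):
        print(f"{host:14} affected={str(affected):5} action={action or 'none'}")
```

Feeding the script a real export (for example the version column of a FortiManager or CMDB inventory) gives a per-device list of who needs which build, which is the input both the upgrade step and the SIEM watch list above need.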
Posted Mar 08, 2023 - 21:34 GMT
This incident affected: Cloud (Compute).