New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

March 9, 2023

Fortinet has released fixes for 15 security flaws, including one critical vulnerability affecting FortiOS and FortiProxy that could allow a threat actor to take control of affected devices.

The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams.

“A buffer underwrite (‘buffer underflow’) vulnerability in FortiOS and FortiProxy administrative interface may enable a remote unauthenticated attacker to execute arbitrary code on the machine and/or complete a DoS on the GUI, through specially crafted requests,” Fortinet explained in an advisory.


Underflow bugs, also known as buffer underruns, occur when the input data is shorter than the reserved space, producing unpredictable behavior or leakage of sensitive data from memory.

Other possible consequences include memory corruption that could be weaponized to trigger a crash or execute arbitrary code.
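To make the "input shorter than expected" failure mode concrete, here is an added example in C; it is not Fortinet's code and says nothing about the real FortiOS bug, which Fortinet has not described in detail. The record layout, the guard byte and the function names (`unsafe_store`, `safe_store`, `record_guard_intact`) are all constructed for illustration. A request handler copies a line into a fixed field and overwrites the trailing newline with a terminator at index `len - 1`; it checks for overly long input but not for empty input, so `len == 0` writes one byte before the field. The hardened version validates both ends of the range before touching memory.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 16
#define GUARD 0xAA /* constructed sentinel: any change to it reveals an underwrite */

/* A constructed record, not FortiOS code: one byte of guard storage followed by
 * a fixed-size text field. Keeping both in a single array means a write to
 * field[-1] lands on storage[0], and the pointer arithmetic stays inside one
 * object, so the demonstration is well-defined C. */
struct record {
    unsigned char storage[1 + FIELD_SIZE];
};

void record_init(struct record *r)
{
    memset(r->storage, 0, sizeof r->storage);
    r->storage[0] = GUARD;
}

/* The text field starts one byte past the guard. */
static char *field_of(struct record *r) { return (char *)r->storage + 1; }

const char *record_text(struct record *r) { return field_of(r); }

/* Returns 1 while the guard byte is untouched, 0 once something wrote before the field. */
int record_guard_intact(const struct record *r) { return r->storage[0] == GUARD; }

/* Vulnerable handler: copies a line into the field and replaces the trailing
 * newline at index len-1 with a terminator. The overflow side is checked, the
 * underflow side is not: an empty request (len == 0) makes len-1 negative and
 * the terminator is written one byte before the field. */
int unsafe_store(struct record *r, const char *input, size_t len)
{
    if (len > FIELD_SIZE)
        return -1;                      /* too long: rejected */
    memcpy(field_of(r), input, len);
    field_of(r)[(long)len - 1] = '\0';  /* len == 0 -> field[-1]: buffer underwrite */
    return 0;
}

/* Hardened handler: both ends of the range are validated before any write. */
int safe_store(struct record *r, const char *input, size_t len)
{
    if (len == 0 || len > FIELD_SIZE)
        return -1;                      /* too short or too long: rejected */
    memcpy(field_of(r), input, len);
    field_of(r)[len - 1] = '\0';        /* len >= 1 here, so the index is in bounds */
    return 0;
}

int main(void)
{
    struct record r;
    int rc;

    record_init(&r);
    unsafe_store(&r, "", 0);
    printf("unsafe_store on empty input: guard intact = %d\n", record_guard_intact(&r));

    record_init(&r);
    rc = safe_store(&r, "", 0);
    printf("safe_store on empty input: rc = %d, guard intact = %d\n", rc, record_guard_intact(&r));

    record_init(&r);
    safe_store(&r, "admin\n", 6);
    printf("safe_store on \"admin\\n\": field = \"%s\"\n", record_text(&r));
    return 0;
}
```

The guard byte is the whole point of the layout: in a real program the byte before a buffer belongs to some other field, heap metadata or a saved pointer, which is why a one-byte underwrite can become a crash or worse. The defensive lesson is that a length check has two sides; rejecting only the "too long" case still leaves the "too short" case writing out of bounds.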

Fortinet said it is not aware of any malicious exploitation attempts against the flaw. But given that prior flaws in its software have come under active abuse in the wild, it is essential that users move quickly to apply the patches.

The following versions of FortiOS and FortiProxy are affected by the vulnerability:

  • FortiOS version 7.2.0 through 7.2.3
  • FortiOS version 7.0.0 through 7.0.9
  • FortiOS version 6.4.0 through 6.4.11
  • FortiOS version 6.2.0 through 6.2.12
  • FortiOS 6.0 all versions
  • FortiProxy version 7.2.0 through 7.2.2
  • FortiProxy version 7.0.0 through 7.0.8
  • FortiProxy version 2.0.0 through 2.0.11
  • FortiProxy 1.2 all versions
  • FortiProxy 1.1 all versions

Fixes are available in FortiOS versions 6.2.13, 6.4.12, 7.0.10, 7.2.4, and 7.4.0; FortiOS-6K7K versions 6.2.13, 6.4.12, and 7.0.10; and FortiProxy versions 2.0.12, 7.0.9, and 7.0.9.


As workarounds, Fortinet recommends that users either disable the HTTP/HTTPS administrative interface or limit the IP addresses that can reach it.

The disclosure comes weeks after the network security company issued fixes for 40 vulnerabilities, two of which are rated Critical and affect FortiNAC (CVE-2022-39952) and FortiWeb (CVE-2021-42756) products.

Some sections of this posting are sourced from:
thehackernews.com
