The Cyber Security News
New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

March 9, 2023

Fortinet has released fixes for 15 security flaws, including one critical vulnerability affecting FortiOS and FortiProxy that could allow a threat actor to take control of affected systems.

The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was discovered and reported internally by its own security teams.

“A buffer underwrite (‘buffer underflow’) vulnerability in FortiOS and FortiProxy administrative interface may enable a remote unauthenticated attacker to execute arbitrary code on the machine and/or complete a DoS on the GUI, through specially crafted requests,” Fortinet explained in an advisory.

Underflow bugs, also known as buffer underruns, occur when the input data is shorter than the space reserved for it, leading to unpredictable behavior or leakage of sensitive data from memory.

Other possible consequences include memory corruption that could be weaponized to cause a crash or execute arbitrary code.

Fortinet said it is not aware of any malicious exploitation attempts targeting the flaw. But given that prior flaws in its software have come under active abuse in the wild, it is essential that users move quickly to apply the patches.

The following versions of FortiOS and FortiProxy are affected by the vulnerability:

  • FortiOS version 7.2.0 through 7.2.3
  • FortiOS version 7.0.0 through 7.0.9
  • FortiOS version 6.4.0 through 6.4.11
  • FortiOS version 6.2.0 through 6.2.12
  • FortiOS 6.0, all versions
  • FortiProxy version 7.2.0 through 7.2.2
  • FortiProxy version 7.0.0 through 7.0.8
  • FortiProxy version 2.0.0 through 2.0.11
  • FortiProxy 1.2, all versions
  • FortiProxy 1.1, all versions

Fixes are available in FortiOS versions 6.2.13, 6.4.12, 7.0.10, 7.2.4, and 7.4.0; FortiOS-6K7K versions 6.2.13, 6.4.12, and 7.0.10; and FortiProxy versions 2.0.12 and 7.0.9.
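A practical first step for defenders is to run the affected-range list above against an inventory of FortiOS and FortiProxy devices. The script below is an added example written for this article, not Fortinet's code and not part of the original advisory; it encodes only the ranges listed above, pads short versions so "7.0" and "7.0.0" compare equally, treats the "all versions" branches (FortiOS 6.0, FortiProxy 1.2 and 1.1) as affected with no fixed release, and rejects malformed version strings instead of quietly reporting them as safe. The hostnames and versions in `INVENTORY` are constructed for the demonstration.

```python
"""Check FortiOS / FortiProxy version strings against the CVE-2023-25610 affected ranges.

Added example, not Fortinet's code. Ranges are the ones in the advisory summary above.
"""
from typing import List, Optional, Tuple

Version = Tuple[int, ...]
Rule = Tuple[str, str, Optional[str]]  # (product, first affected, last affected or None)


def parse_version(text: str) -> Version:
    """Turn '7.0.9' into (7, 0, 9). Non-numeric input raises instead of being
    silently treated as 'not affected', which is the safer failure mode for an audit."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def _key(v: Version, width: int = 3) -> Version:
    """Normalise to exactly `width` components (zero-padded, extra build digits dropped)
    so that '7.0' and '7.0.0' compare as equal inside a major.minor.patch range."""
    return (tuple(v) + (0,) * width)[:width]


# Affected ranges exactly as listed above. last == None means every release in that
# branch is affected and the branch has no fixed release at all.
AFFECTED: List[Rule] = [
    ("FortiOS", "7.2.0", "7.2.3"),
    ("FortiOS", "7.0.0", "7.0.9"),
    ("FortiOS", "6.4.0", "6.4.11"),
    ("FortiOS", "6.2.0", "6.2.12"),
    ("FortiOS", "6.0", None),
    ("FortiProxy", "7.2.0", "7.2.2"),
    ("FortiProxy", "7.0.0", "7.0.8"),
    ("FortiProxy", "2.0.0", "2.0.11"),
    ("FortiProxy", "1.2", None),
    ("FortiProxy", "1.1", None),
]


def matching_rule(product: str, version_text: str) -> Optional[Rule]:
    """Return the affected-range rule this version falls into, or None if it is outside
    every listed range (the fixed releases 6.2.13, 6.4.12, 7.0.10, 7.2.4, 7.4.0,
    2.0.12 and 7.0.9 all land outside)."""
    v = parse_version(version_text)
    for rule in AFFECTED:
        prod, lo, hi = rule
        if prod.lower() != product.lower():
            continue
        lo_v = parse_version(lo)
        if hi is None:
            # Whole-branch rule: compare only as many components as the branch name has.
            if _key(v, len(lo_v)) == lo_v:
                return rule
            continue
        if _key(lo_v) <= _key(v) <= _key(parse_version(hi)):
            return rule
    return None


def is_affected(product: str, version_text: str) -> bool:
    return matching_rule(product, version_text) is not None


def advise(product: str, version_text: str) -> str:
    """One-line remediation note per device, derived from the rule that matched."""
    rule = matching_rule(product, version_text)
    if rule is None:
        return f"{product} {version_text}: not in an affected range"
    _, lo, hi = rule
    if hi is None:
        return (f"{product} {version_text}: affected (all {lo} releases); no fixed release "
                f"in this branch, migrate to a fixed branch and restrict or disable the "
                f"HTTP/HTTPS administrative interface in the meantime")
    return (f"{product} {version_text}: affected ({lo} through {hi}); upgrade past {hi} "
            f"and restrict or disable the HTTP/HTTPS administrative interface until then")


# Constructed inventory (hypothetical hostnames and versions) for the demonstration.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.9"),
    ("fw-edge-02", "FortiOS", "7.0.10"),
    ("proxy-dc-01", "FortiProxy", "1.2.13"),
    ("fw-lab-01", "FortiOS", "7.4.0"),
]


def audit(inventory) -> List[str]:
    """Return the hostnames that still run an affected release."""
    return [host for host, prod, ver in inventory if is_affected(prod, ver)]


if __name__ == "__main__":
    for host, prod, ver in INVENTORY:
        print(f"{host}: {advise(prod, ver)}")
```

The check is deliberately literal about the ranges: a version one patch level above the last affected release is reported as outside the range, and any branch listed as "all versions" is reported as affected regardless of patch level, since no update inside that branch resolves the issue.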


As workarounds, Fortinet recommends that users either disable the HTTP/HTTPS administrative interface or limit the IP addresses that can reach it.

The disclosure comes weeks after the network security company issued fixes for 40 vulnerabilities, two of which are rated Critical and affect FortiNAC (CVE-2022-39952) and FortiWeb (CVE-2021-42756) products.



Some sections of this posting are sourced from:
thehackernews.com
