Threat Alert

by IthacaLabs™

THREAT LEVEL/High 09/03/2023

New Critical Flaw in FortiOS and FortiProxy

Threat Level Description

Threat Level: High – An attack is highly likely. Additional and sustained protective security measures are warranted, reflecting the broad nature of the threat, combined with specific business and geographical vulnerabilities and judgements on acceptable risk.


We have observed that a new critical vulnerability in FortiOS and FortiProxy has been identified.

An attacker, by exploiting this vulnerability, could achieve remote code execution or perform denial of service (DoS) on the vulnerable devices.

This critical vulnerability, tracked as CVE-2023-25610, is a buffer underwrite (‘buffer underflow’) vulnerability in FortiOS and FortiProxy administrative interfaces.

This type of flaw occurs when a program tries to read more data from a memory buffer than is available, resulting in accessing adjacent memory locations, leading to unpredictable behavior, leakage of sensitive data from memory and/or crashes.

A remote unauthenticated attacker, via specially crafted requests, could exploit this issue and execute arbitrary code and/or perform a DoS attack on the GUI of the affected devices. This could enable the remote attacker to take control of the affected systems.



Affected Systems

  • FortiOS version 7.2.0 through 7.2.3
  • FortiOS version 7.0.0 through 7.0.9
  • FortiOS version 6.4.0 through 6.4.11
  • FortiOS version 6.2.0 through 6.2.12
  • FortiOS 6.0 all versions
  • FortiProxy version 7.2.0 through 7.2.2
  • FortiProxy version 7.0.0 through 7.0.8
  • FortiProxy version 2.0.0 through 2.0.11
  • FortiProxy 1.2 all versions
  • FortiProxy 1.1 all versions


You should proceed immediately and apply the relevant security patches provided by the vendor and/or update to the latest versions of FortiOS and FortiProxy that are not affected by this vulnerability.
Fixes are available in:

  • FortiOS versions 6.2.13, 6.4.12, 7.0.10, 7.2.4, and 7.4.0
  • FortiOS-6K7K versions 6.2.13, 6.4.12, and 7.0.10
  • FortiProxy versions 2.0.12 and 7.0.9
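
As an added example (not code from this alert or from Fortinet), the script below encodes the affected version ranges listed above so that a device inventory export can be checked offline; the inventory format and host names are constructed for illustration.

```python
# Added example (not from the alert or vendor): flags Fortinet version strings that fall
# in this alert's affected ranges for CVE-2023-25610. Host names/inventory are constructed.

# (product, lowest affected, highest affected); None = every release of that branch.
AFFECTED = [
    ("FortiOS", (7, 2, 0), (7, 2, 3)),
    ("FortiOS", (7, 0, 0), (7, 0, 9)),
    ("FortiOS", (6, 4, 0), (6, 4, 11)),
    ("FortiOS", (6, 2, 0), (6, 2, 12)),
    ("FortiOS", (6, 0), None),          # FortiOS 6.0, all versions
    ("FortiProxy", (7, 2, 0), (7, 2, 2)),
    ("FortiProxy", (7, 0, 0), (7, 0, 8)),
    ("FortiProxy", (2, 0, 0), (2, 0, 11)),
    ("FortiProxy", (1, 2), None),       # FortiProxy 1.2, all versions
    ("FortiProxy", (1, 1), None),       # FortiProxy 1.1, all versions
]

def parse_version(text):
    """'v7.2.3,build1262' or '7.0.9' -> (7, 2, 3); the build suffix is ignored."""
    core = text.strip().lstrip("vV").split(",")[0]
    return tuple(int(part) for part in core.split("."))

def is_affected(product, version):
    """True if this product/version falls inside one of the alert's affected ranges."""
    v = parse_version(version)
    for prod, low, high in AFFECTED:
        if prod != product:
            continue
        if high is None:                 # whole branch affected: match the prefix
            if v[:len(low)] == low:
                return True
        elif low <= v <= high:           # tuple comparison is component-wise
            return True
    return False

# Constructed inventory: "<host> <product> <version string>" per line.
SAMPLE_INVENTORY = """\
fw-edge-01 FortiOS v7.2.3,build1262
fw-edge-02 FortiOS v7.2.4,build1396
proxy-01 FortiProxy v2.0.11
fw-legacy FortiOS v6.0.15"""

def triage(lines):
    """Return (host, product, version) for every inventory entry still affected."""
    hits = []
    for line in lines:
        host, product, version = line.split(maxsplit=2)
        if is_affected(product, version):
            hits.append((host, product, version))
    return hits
```

Running `triage(SAMPLE_INVENTORY.splitlines())` lists the hosts that still need the vendor fix; a version on or above the fixed releases listed above is reported as unaffected.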

Note that, as a workaround, administrators of the affected devices are advised either to disable the HTTP/HTTPS administrative interface or to restrict the IP addresses that can reach it remotely.
You should understand the importance of security updates and the urgency with which they should be applied, whatever the size of your organization. It is very important to operate an effective patch management process, keep security event logging enabled at all times, and practise event monitoring. Protecting the valuable assets of your business and complying with the relevant industry regulations requires a comprehensive approach to risk management, including penetration testing at least annually and upon significant changes.

