New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access


A severe vulnerability affecting FortiOS and FortiProxy has been fixed by Fortinet, which also published solutions for the other 15 security issues. This vulnerability might allow a threat actor to take over the affected systems. Security teams within the company found and reported the problem, which is listed as CVE-2023-25610 and has a severity rating of 9.3 out of 10.

“A buffer underwrite (‘buffer underflow’) vulnerability in FortiOS and FortiProxy administrative interface may allow a remote, unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted queries,” according to a Fortinet alert.

Read More…