- 160/2023
- Critical
Fortinet has released security updates to fix several vulnerabilities in multiple Fortinet products.
The addressed vulnerabilities could allow the attacker to overflow a buffer, execute arbitrary code, directory traversal, obtain sensitive information, and gain access to the affected products by sending specially crafted requests.
Sample of the addressed vulnerabilities:
Fortinet FortiOS and Fortinet FortiProxy Buffer Overflow (CVE-2023-33308):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Sample of the affected products:
- FortiOS version 7.0.0 through 7.0.10.
- FortiProxy version 7.2.0 through 7.2.2.
- FortiExtender versions 5.3 and all subsequent versions.
- FortiManager version 7.2.0 through 7.2.1.
- FortiAnalyzer version 6.4 and all subsequent versions.
Vulnerabilities
- CVE-2023-33308
- CVE-2023-28001
- CVE-2023-25606
- CVE-2022-23447
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.