Fortinet Warns of Critical RCE flaw in FortiOS, FortiProxy Devices

Cyber Security Threat Summary:
Fortinet recently disclosed a critical-severity flaw impacting FortiOS and FortiProxy that could enable remote attackers to execute arbitrary code on vulnerable devices. Tracked as CVE-2023-33308, the flaw was uncovered and disclosed to Fortinet by cybersecurity firm Watchtowr. According to Fortinet, CVE-2023-33308 relates to a stack-based overflow vulnerability and "could allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection." Stack-based overflows occur when a program writes more data to a stack buffer than the space allocated for it. A threat actor can exploit such a flaw by sending specially crafted input that exceeds the buffer's capacity and overwrites control data stored on the stack, such as a function's saved return address, which in turn can lead to execution of attacker-supplied code.

CVE-2023-33308 impacts the following FortiOS and FortiProxy versions:

  • FortiOS version 7.2.0 through 7.2.3
  • FortiOS version 7.0.0 through 7.0.10
  • FortiProxy version 7.2.0 through 7.2.2
  • FortiProxy version 7.0.0 through 7.0.9
It has been patched in the following versions:
  • FortiOS version 7.2.4 or above
  • FortiOS version 7.0.11 or above
  • FortiProxy version 7.2.3 or above
  • FortiProxy version 7.0.10 or above
Note: FortiOS products from the 6.0, 6.2, 6.4, 2.x, and 1.x release branches are not impacted by CVE-2023-33308.
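A triage helper, added here as an example and not part of the original advisory, that checks an inventory of FortiOS and FortiProxy devices against the affected and fixed version ranges listed above. Hostnames and the inventory entries are constructed for demonstration.

```python
# Added example (not from the advisory): triage a FortiOS/FortiProxy inventory
# against the CVE-2023-33308 affected ranges and first fixed releases above.
from typing import Optional, Tuple

# (first affected, last affected, first fixed) per product and branch, as stated by Fortinet.
AFFECTED = {
    "FortiOS": [((7, 2, 0), (7, 2, 3), (7, 2, 4)),
                ((7, 0, 0), (7, 0, 10), (7, 0, 11))],
    "FortiProxy": [((7, 2, 0), (7, 2, 2), (7, 2, 3)),
                   ((7, 0, 0), (7, 0, 9), (7, 0, 10))],
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse '7.2.3' or 'v7.2.3' into a comparable (major, minor, patch) tuple."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def check(product: str, version: str) -> Optional[str]:
    """Return the first fixed release if (product, version) falls in an affected
    range, else None. Releases at or above the fix, and the 6.0/6.2/6.4, 2.x and
    1.x branches the advisory lists as unaffected, return None."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED.get(product, []):
        if low <= v <= high:
            return ".".join(map(str, fixed))
    return None


def triage(inventory):
    """inventory: iterable of (host, product, version).
    Returns the (host, product, version, first_fixed) entries that need an upgrade."""
    findings = []
    for host, product, version in inventory:
        fixed = check(product, version)
        if fixed is not None:
            findings.append((host, product, version, fixed))
    return findings


# Constructed sample inventory for demonstration.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.2.3"),       # last affected 7.2 release
    ("fw-edge-02", "FortiOS", "7.2.4"),       # first fixed 7.2 release
    ("fw-branch-01", "FortiOS", "6.4.12"),    # unaffected branch
    ("proxy-01", "FortiProxy", "v7.0.9"),     # last affected 7.0 release
    ("proxy-02", "FortiProxy", "2.0.12"),     # unaffected branch
]

if __name__ == "__main__":
    for host, product, version, fixed in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected by CVE-2023-33308; upgrade to {fixed} or later")
```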

Security Officer Comments:
Fortinet did not disclose whether the flaw has been exploited in attacks in the wild. However, leaving flaws like this unpatched can have dire consequences, as it allows threat actors to easily gain initial access to corporate networks. Given the public disclosure, it won't be long before threat actors exploit the vulnerability in attacks.

Suggested Correction(s):
Organizations should apply the latest updates as soon as possible to prevent potential exploitation attempts.

Link(s):
https://www.bleepingcomputer.com/ne...tical-rce-flaw-in-fortios-fortiproxy-devices/