Cybersecurity company Fortinet this week announced patches for multiple severe vulnerabilities across its product portfolio, including a critical flaw in FortiOS and FortiProxy that could lead to remote code execution (RCE). The vulnerability, tracked as CVE-2023-25610, can be exploited without authentication to cause a denial-of-service (DoS) condition or execute code remotely on the affected products.
Fortinet has released patches for the vulnerability, and users are advised to update to the latest versions of FortiOS, FortiProxy, and FortiOS-6K7K. As a workaround, administrators can disable the HTTP/HTTPS administrative interface or set IP address restrictions for accessing the interface.
Additionally, Fortinet patched medium- and low-severity vulnerabilities in FortiOS, FortiProxy, FortiNAC, FortiSOAR, FortiWeb, FortiAnalyzer, FortiManager, FortiPortal, FortiSwitch, FortiRecorder, FortiAuthenticator, FortiDeceptor, and FortiMail. These vulnerabilities could lead to privilege escalation, XSS attacks, arbitrary commands execution, unauthorized code execution, and more.
Fortinet has not confirmed any malicious exploitation of these vulnerabilities, but such flaws can often be exploited shortly after the release of a patch. As such, users are advised to update their systems as soon as possible to protect against potential threats.
In summary, Fortinet this week patched multiple severe vulnerabilities impacting its product portfolio, including a critical flaw in FortiOS and FortiProxy that could lead to remote code execution. Patches were released for the flaw, and users are advised to update to the latest versions of their products. Additionally, Fortinet patched medium- and low-severity vulnerabilities in multiple products. Users are advised to update their systems as soon as possible to protect against potential threats.
Key Points:
• Fortinet this week announced patches for multiple severe vulnerabilities across its product portfolio.
• The most severe vulnerability affects FortiOS and FortiProxy and could lead to remote code execution.
• Patches are available for the vulnerability and users are advised to update to the latest versions of their products.
• Fortinet also patched medium- and low-severity vulnerabilities in multiple products.
• Users are advised to update their systems as soon as possible to protect against potential threats.