July 12, 2023 By Pierluigi Paganini
Fortinet warns of a critical vulnerability impacting FortiOS and FortiProxy that can allow remote attackers to perform arbitrary code execution.
Fortinet has disclosed a critical vulnerability, tracked as CVE-2023-33308 (CVSS score 9.8), that impacts FortiOS and FortiProxy. A remote attacker can exploit the vulnerability to perform arbitrary code execution on vulnerable devices.
The issue is a stack-based overflow vulnerability that can be exploited via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.
“A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.” reads the advisory published by the vendor.
The vulnerability impacts the following FortiOS versions: