4:10pm, 13 July 2023
FortiGate remote code execution vulnerability
A vulnerability has been discovered that affects FortiGate devices running FortiOS and FortiProxy.
This stack-based buffer overflow vulnerability allows an attacker to run unauthorised code or commands remotely on the affected system.
The vulnerability is tracked as CVE-2023-33308.
What to look for
How to tell if you're at risk
All FortiGate devices running any of the following FortiOS or FortiProxy versions are affected:
- FortiOS version 7.2.0 through 7.2.3.
- FortiOS version 7.0.0 through 7.0.10.
- FortiProxy version 7.2.0 through 7.2.2.
- FortiProxy version 7.0.0 through 7.0.9.
What to do
Prevention
Upgrade your devices running FortiOS or FortiProxy to the latest version as soon as possible.
Please upgrade to:
- FortiOS version 7.4.0 or above,
- FortiOS version 7.2.4 or above,
- FortiOS version 7.0.11 or above,
- FortiProxy version 7.2.3 or above,
- FortiProxy version 7.0.10 or above.
Mitigation
Disable HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode.
Example using the custom-deep-inspection profile:
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        set supported-alpn http1-1
    next
end
For more information, see the FortiGate page on HTTP/2 support in proxy mode:
HTTP/2 support in proxy mode SSL inspection | FortiGate / FortiOS 7.0.0 (fortinet.com)
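The following is an added helper script (not CERT NZ or Fortinet code) that checks a FortiOS/FortiProxy version against the affected ranges listed above, and parses a FortiOS configuration dump to report which SSL/SSH inspection profiles still have HTTP/2 enabled. It assumes a profile with no explicit "set supported-alpn" line is at its default, which is treated here as still permitting HTTP/2; the sample configuration is constructed.

```python
import re

# Inclusive affected ranges from the advisory, as (first, last) version tuples.
AFFECTED = {
    "FortiOS": [((7, 2, 0), (7, 2, 3)), ((7, 0, 0), (7, 0, 10))],
    "FortiProxy": [((7, 2, 0), (7, 2, 2)), ((7, 0, 0), (7, 0, 9))],
}

def is_affected(product: str, version: str) -> bool:
    """True if product/version falls inside one of the advisory's ranges."""
    v = tuple(int(part) for part in version.split("."))
    return any(low <= v <= high for low, high in AFFECTED[product])

def parse_ssl_profiles(config: str) -> dict:
    """Map each 'firewall ssl-ssh-profile' name to its supported-alpn value (None if unset).
    Nested config/end blocks are tracked so only each profile's own settings are read."""
    profiles, current, depth = {}, None, 0
    for raw in config.splitlines():
        line = raw.strip()
        if depth == 0:  # outside the section until its header is seen
            depth = 1 if line == "config firewall ssl-ssh-profile" else 0
        elif line.startswith("config "):
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.match(r'edit "?([^"]+)"?$', line)):
            current = m.group(1)
            profiles[current] = None
        elif depth == 1 and current and (m := re.match(r"set supported-alpn (\S+)$", line)):
            profiles[current] = m.group(1)
    return profiles

def profiles_allowing_http2(config: str) -> list:
    """Profiles where HTTP/2 is still negotiable (unset = default, assumed to allow HTTP/2)."""
    return [name for name, alpn in parse_ssl_profiles(config).items()
            if alpn not in ("http1-1", "none")]

# Constructed sample dump: one mitigated profile, one left at the default.
SAMPLE_CONFIG = """\
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        set supported-alpn http1-1
    next
    edit "deep-inspection"
        config https
            set ports 443
        end
    next
end
"""
```

Run profiles_allowing_http2 over the output of "show firewall ssl-ssh-profile" to list profiles that still need the mitigation applied.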
More information
Official information released by Fortinet will be available here:
PSIRT Advisories | FortiGuard
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.