4:10pm, 13 July 2023
FortiGate remote code execution vulnerability
A vulnerability has been discovered that affects FortiGate devices running FortiOS and FortiProxy.
This stack-based buffer overflow allows an attacker to run unauthorised code or commands remotely on an affected system.
The vulnerability is tracked as CVE-2023-33308.
What to look for
How to tell if you're at risk
All FortiGate devices running the following FortiOS and FortiProxy versions are affected:
- FortiOS version 7.2.0 through 7.2.3.
- FortiOS version 7.0.0 through 7.0.10.
- FortiProxy version 7.2.0 through 7.2.2.
- FortiProxy version 7.0.0 through 7.0.9.
What to do
Prevention
Upgrade your devices running FortiOS or FortiProxy to the latest version as soon as possible.
Please upgrade to:
- FortiOS version 7.4.0 or above,
- FortiOS version 7.2.4 or above,
- FortiOS version 7.0.11 or above,
- FortiProxy version 7.2.3 or above,
- FortiProxy version 7.0.10 or above.
Mitigation
Disable HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode.
Example with custom-deep-inspection profile:
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        set supported-alpn http1-1
    next
end
For more information see the FortiGate page on HTTP/2 support in proxy mode:
HTTP/2 support in proxy mode SSL inspection | FortiGate / FortiOS 7.0.0 (fortinet.com)
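As an added triage example (not CERT NZ's or Fortinet's code), the following Python helper checks a firmware version string against the affected ranges listed above and audits a configuration dump for SSL inspection profiles that still allow HTTP/2 via ALPN, which is what the mitigation above turns off. The sample configuration and the build number are constructed; the other supported-alpn values (all, http2, none) and the default of all are assumed from the FortiOS CLI reference.

```python
import re

# Affected ranges (inclusive) exactly as listed in the advisory, keyed by product.
AFFECTED = {
    "FortiOS":    [((7, 2, 0), (7, 2, 3)), ((7, 0, 0), (7, 0, 10))],
    "FortiProxy": [((7, 2, 0), (7, 2, 2)), ((7, 0, 0), (7, 0, 9))],
}

def parse_version(text):
    """Turn 'v7.0.10,build0450' or '7.2.3' into a comparable (major, minor, patch) tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(product, version_text):
    """True when the firmware version falls inside an affected range for that product."""
    v = parse_version(version_text)
    return any(lo <= v <= hi for lo, hi in AFFECTED[product])

def http2_exposed_profiles(config_text):
    """Names of ssl-ssh-profile entries that still allow HTTP/2 over ALPN.
    Assumption (FortiOS CLI reference): supported-alpn accepts http1-1|http2|all|none and
    defaults to 'all', so a profile with no explicit setting is also exposed.
    """
    exposed = []
    block = re.search(r"config firewall ssl-ssh-profile\n(.*?)\nend", config_text, re.S)
    if not block:
        return exposed
    for entry in re.finditer(r'edit "([^"]+)"\n(.*?)\n\s*next', block.group(1), re.S):
        name, body = entry.group(1), entry.group(2)
        alpn = re.search(r"set supported-alpn (\S+)", body)
        if alpn is None or alpn.group(1) in ("all", "http2"):
            exposed.append(name)
    return exposed

# Constructed sample dump: one profile hardened as in the advisory, one left at the
# default (no supported-alpn line), one explicitly allowing HTTP/2.
SAMPLE_CONFIG = """config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        set supported-alpn http1-1
    next
    edit "deep-inspection"
        set comment "constructed sample"
    next
    edit "api-inspection"
        set supported-alpn http2
    next
end
"""
```

Running is_affected("FortiOS", "v7.0.10,build0450") returns True, and http2_exposed_profiles(SAMPLE_CONFIG) returns ['deep-inspection', 'api-inspection'], the two profiles that still need the mitigation.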
More information
Official information released by Fortinet will be available here:
PSIRT Advisories | FortiGuard
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.