CVE-2023-25610 is a critical vulnerability in the sslvpn module.
Situation
This buffer underflow vulnerability is tracked as CVE-2023-25610 and received a CVSSv3 score of 9.3 out of 10. This vulnerability could allow anonymous attackers to execute arbitrary code, execute commands and/or crash the device by sending specifically crafted network packages. Fortinet informed that this vulnerability was internally discovered during continuous security testing of their products.
Affected OS
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS version 6.0.X
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.11
FortiProxy version 1.2.X
FortiProxy version 1.1.X
Workaround
Disable access to the administrative interface or limit access to it. Please follow the guide in the Fortinet PSIRT Advisory.
Solution
Upgrade to fixed versions according to the Fortinet PSIRT Advisory.
How to detect an attack
There is currently only very limited information available about this attack and no proof of concept code is available. We are working on the detection capabilities.
We are proactively updating the devices in our control and are constantly monitoring our central logging infrastructure.
Please contact Sidarion over support@sidarion.ch in case of questions, if you need further support or think your systems might have been compromised.
Please contact Sidarion in case of questions, if you need further support or think your systems might have been compromised.