FORTIGUARD FIREWALL HEAP-BASED BUFFER OVERFLOW VULNERABILITY

FORTIGUARD FIREWALL HEAP-BASED BUFFER OVERFLOW VULNERABILITY - CVE-2022-25610

09 Mar / 2023

Cyber Security

FORTIGUARD FIREWALL HEAP-BASED BUFFER OVERFLOW VULNERABILITY

CVE: CVE-2022-25610

What is Vulnerable

FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.11
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions

WHAT'S HAPPENED:

Fortinet have published a security bulletin for a vulnerability allowing remote execution of arbitrary code on affected firewalls to enable initial access by malicious actors.

WHAT YOU CAN DO:

We strongly recommend that all customers using Fortigate Firewalls immediately upgrade to the latest version, which includes a patch for this vulnerability.
Further details on the vulnerability are available here:
https://www.fortiguard.com/psirt/FG-IR-23-001
Update resources can be found here:
ForiGate: https://docs.fortinet.com/product/fortigate/7.2
FortiProxy: https://docs.fortinet.com/product/fortiproxy/7.2

Cythera is continuing to monitor all Managed Detection and Managed Vulnerability clients.

Resources

You may be interested in

Does Your Organisation Need Cyber Security Training?

If you’re serious about protecting your company, then the only answer is yes! New employees are onboarded are expected to understand and abid…

Common Scenarios Where Organisational Oversight Leads To Key Cyber Vulnerabilities

Common Scenarios Where Organisational Oversight Leads To Key Cyber Vulnerabilities As Australian organisations move into 2024, there's an incre…

4 Times Security Monitoring Technology Alone will Fail to Prevent Attack

With clear advantages over its reactive alternatives, Managed Detection & Response (MDR) is fast becoming the world’s most popular security so…