FORTIGUARD FIREWALL HEAP-BASED BUFFER OVERFLOW VULNERABILITY

FORTIGUARD FIREWALL HEAP-BASED BUFFER OVERFLOW VULNERABILITY - CVE-2022-25610

09 Mar / 2023

Cyber Security

FORTIGUARD FIREWALL HEAP-BASED BUFFER OVERFLOW VULNERABILITY

CVE: CVE-2022-25610

What is Vulnerable

FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.11
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions

WHAT'S HAPPENED:

Fortinet have published a security bulletin for a vulnerability allowing remote execution of arbitrary code on affected firewalls to enable initial access by malicious actors.

WHAT YOU CAN DO:

We strongly recommend that all customers using Fortigate Firewalls immediately upgrade to the latest version, which includes a patch for this vulnerability.
Further details on the vulnerability are available here:
https://www.fortiguard.com/psirt/FG-IR-23-001
Update resources can be found here:
ForiGate: https://docs.fortinet.com/product/fortigate/7.2
FortiProxy: https://docs.fortinet.com/product/fortiproxy/7.2

Cythera is continuing to monitor all Managed Detection and Managed Vulnerability clients.

Resources

You may be interested in

3 Security Threats Today’s Technologies Struggle To Protect You From

Why you need a comprehensive Managed Detection and Response (MDR) service now more than ever.As the security industry adapts to match the ever-e…

Why Cythera partners with CrowdStrike to help customers achieve ACSC’s Essential Eight Level 1

Developed by the Australian Signals Directorate (ASD), The Essential 8 (E8) is a prioritised list of mitigation strategies designed to help Aust…

Microsoft Outlook for Windows 0-Day Vulnerability - CVE-2023-23397

Microsoft Outlook for Windows 0Day vulnerabilityCVE: CVE-2023-23397 WHAT IS VULNERABLE? All versions of Outlook for Windows Outlook Web Acces…