FORTIGUARD FIREWALL HEAP-BASED BUFFER OVERFLOW VULNERABILITY

FORTIGUARD FIREWALL HEAP-BASED BUFFER OVERFLOW VULNERABILITY - CVE-2022-25610

09 Mar / 2023

Cyber Security

FORTIGUARD FIREWALL HEAP-BASED BUFFER OVERFLOW VULNERABILITY

CVE: CVE-2022-25610

What is Vulnerable

FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.11
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions

WHAT'S HAPPENED:

Fortinet have published a security bulletin for a vulnerability allowing remote execution of arbitrary code on affected firewalls to enable initial access by malicious actors.

WHAT YOU CAN DO:

We strongly recommend that all customers using Fortigate Firewalls immediately upgrade to the latest version, which includes a patch for this vulnerability.
Further details on the vulnerability are available here:
https://www.fortiguard.com/psirt/FG-IR-23-001
Update resources can be found here:
ForiGate: https://docs.fortinet.com/product/fortigate/7.2
FortiProxy: https://docs.fortinet.com/product/fortiproxy/7.2

Cythera is continuing to monitor all Managed Detection and Managed Vulnerability clients.

Resources

You may be interested in

Protecting a distributed workforce.

COVID-19 has quickly switched many organisations to full work remote / from home policies, and IT teams are dusting off disaster recovery and bu…

Upcoming ISO 27001 Audit? 5 Ways to Nail It.

Undergoing an ISO 27001 audit can be a stressful time, not only do you have your day-to-day role to manage, but you also need to spend months in…

How to build a robust cybersecurity penetration testing program.

In light of growing high-profile cyber security attacks in Australia, a number of organisations and enterprises are looking to improve their cyb…