Fortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy.
Discovered by Fortinet infosec engineer Kai Ni, CVE-2023-25610 is a buffer underwrite vulnerability found in the FortiOS and FortiProxy administrative interface.
Some hardware devices running a vulnerable FortiOS version are only impacted by the the DoS part of the issue, and those are listed in the security advisory.
FortiOS version 7.4.0 or above, 7.2.4 or above, 7.0.10 or above, 6.4.12 or above, or 6.2.13 or above.
FortiProxy version 7.2.3 or above, 7.0.9 or above, or 2.0.12 or above.
FortiOS-6K7K version 7.0.10 or above, 6.4.12 or above, or 6.2.13 or above.