Fortinet has disclosed a critical severity flaw impacting FortiOS and FortiProxy, allowing a remote attacker to perform arbitrary code execution on vulnerable devices.
“A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection,” warns Fortinet in a new advisory.
The Fortinet advisory has clarified that FortiOS products from the 6.0, 6.2, 6.4, 2.x, and 1.x release branches are not impacted by CVE-2023-33308.
300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug.
Fortinet fixes critical FortiNAC remote command execution flaw.
VMware warns of critical vRealize flaw exploited in attacks.