Headline
CVE-2023-33308: Fortiguard
A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection.
** PSIRT Advisories**
FortiOS/FortiProxy - Proxy mode with deep inspection - Stack-based buffer overflow
Summary
A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.
Workaround:
Disable HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode.
Example with custom-deep-inspection profile:
config firewall ssl-ssh-profile
edit “custom-deep-inspection”
set supported-alpn http1-1
next
end
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/710924/http-2-support-in-proxy-mode-ssl-inspection
Affected Products
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.10
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.9
Products NOT affected:
FortiOS 6.4 all versions
FortiOS 6.2 all versions
FortiOS 6.0 all versions
FortiProxy 2.x all versions
FortiProxy 1.x all versions
Solutions
Please upgrade to FortiOS version 7.4.0 or above
Please upgrade to FortiOS version 7.2.4 or above
Please upgrade to FortiOS version 7.0.11 or above
Please upgrade to FortiProxy version 7.2.3 or above
Please upgrade to FortiProxy version 7.0.10 or above
Acknowledgement
This issue was resolved in a previous release as a bug without a corresponding PSIRT Advisory. Fortinet would like to thank Watchtowr for sharing this omission.
Timeline
2023-07-11: Initial publication
Related news
SonicWall on Wednesday urged customers of Global Management System (GMS) firewall management and Analytics network reporting engine software to apply the latest fixes to secure against a set of 15 security flaws that could be exploited by a threat actor to circumvent authentication and access sensitive information. Of the 15 shortcomings (tracked from CVE-2023-34123 through CVE-2023-34137), four
Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Adobe Tags: Apple Tags: Android Tags: Cisco Tags: Fortinet Tags: MOVEit Tags: Mozilla Tags: SAP Tags: VMware Tags: CVE-2023-32049 Tags: CVE-2023-35311 Tags: CVE-2023-32046 Tags: CVE-2023-36874 Tags: CVE-2023-36844 For the July 2023 Patch Tuesday, Microsoft has issued security updates for 130 vulnerabilities, four of which are known to have been actively exploited. (Read more...) The post Update now! Microsoft patches a whopping 130 vulnerabilities appeared first on Malwarebytes Labs.