www.belgium.be Logo of the federal government

Warning: critical RCE vulnerability CVE-2023-33308 in FortiOS and FortiProxy products, Patch Immediately!

Referentie: 
Advisory #2023-80
Versie: 
1.0
Geïmpacteerde software: 
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.10
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.9
Type: 
Remote Code Execution (RCE)
CVE/CVSS: 

CVE-2023-33308

Datum: 
13/07/2023

Bronnen

Fortiguard Labs - https://www.fortiguard.com/psirt/FG-IR-23-183

Risico’s

Exploitation of CVE-2023-33308 allows a remote unauthenticated attacker to execute code that can have a total impact on the confidentiality, integrity and availability of the targeted systems. The complexity of the attack is low and user interaction is not required.

At the time of writing, there is no proof of exploitation in the wild. Previous FortiOS flaws like this one were heavily exploited by threat actors in the past to gain initial access to the network to conduct data theft and ransomware attacks.

A previous vulnerability, CVE-2023-27997, in FortiOS SSL-VPN also showed the significant patch lag that exists with FortiOS appliances. Researchers kept finding thousands of unpatched devices after one month of the patches being available.

Unpatched critical vulnerabilities that can be exploited remotely without any required authentication and low attack complexity are particularly interesting for threat actors. Therefore, remediating CVE-2023-33308 is strongly advised.

Beschrijving

CVE-2023-33308 is a critical stack-based overflow vulnerability that allows a remote attacker to reach proxy and firewall policies by executing arbitrary code or command via crafted packets.

FortiGuard explicitly mentions that following product versions are not affected:

  • FortiOS 6.4 all versions
  • FortiOS 6.2 all versions
  • FortiOS 6.0 all versions
  • FortiProxy 2.x all versions
  • FortiProxy 1.x all versions

A workaround is also described in the advisory, advising to disable HTTP/2 support on SSL inspection profiles with proxy mode, that is used by proxy and firewall policies.

Aanbevolen acties

The Centre for Cyber Security Belgium strongly recommends system administrators to patch the affected systems after thorough testing. If patching is not immediately an option, follow the vendor's instructions to mitigate the vulnerability.

Referenties

Bleeping Computer - https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critica...