Critical RCE Bug Opens Fortinet's Secure Web Gateway to TakeoverCritical RCE Bug Opens Fortinet's Secure Web Gateway to Takeover
Users should patch an unauthenticated remote code execution bug impacting FortiOS and FortiProxy administrative interfaces ASAP, Fortinet says.
March 9, 2023

Fortinet is warning users to patch a critical remote code execution (RCE) vulnerability in the FortiOS operating system, and in the FortiProxy secure Web gateway.
An alert this week from FortiGuard Labs said a heap buffer underflow bug in the administrative interface could allow an unauthenticated, remote cyberattacker to execute code on a device running the platforms. The vulnerability could also allow a threat actor to perform a denial-of-service (DoS) attack on the GUI of devices running the vulnerable code, Fortinet added.
Fortinet has issued a security update for FortiOS and FortiProxy interfaces, and noted that no exploitation has been detected yet.
"Fortinet is not aware of any instance where this vulnerability was exploited in the wild," the alert explained. "We continuously review and test the security of our products, and this vulnerability was internally discovered within that frame."
This is the latest bug to come to light in the popular security appliance vendor's gear. Just late last month, Fortinet urged FortiNAC users to update their systems against a flaw that allowed unauthenticated attackers to write arbitrary system files.
About the Author(s)
You May Also Like
How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023What's In Your Cloud?
Nov 30, 2023Everything You Need to Know About DNS Attacks
Nov 30, 2023