Critical RCE Bug Opens Fortinet's Secure Web Gateway to TakeoverCritical RCE Bug Opens Fortinet's Secure Web Gateway to Takeover
Users should patch an unauthenticated remote code execution bug impacting FortiOS and FortiProxy administrative interfaces ASAP, Fortinet says.
March 9, 2023
Fortinet is warning users to patch a critical remote code execution (RCE) vulnerability in the FortiOS operating system, and in the FortiProxy secure Web gateway.
An alert this week from FortiGuard Labs said a heap buffer underflow bug in the administrative interface could allow an unauthenticated, remote cyberattacker to execute code on a device running the platforms. The vulnerability could also allow a threat actor to perform a denial-of-service (DoS) attack on the GUI of devices running the vulnerable code, Fortinet added.
Fortinet has issued a security update for FortiOS and FortiProxy interfaces, and noted that no exploitation has been detected yet.
"Fortinet is not aware of any instance where this vulnerability was exploited in the wild," the alert explained. "We continuously review and test the security of our products, and this vulnerability was internally discovered within that frame."
This is the latest bug to come to light in the popular security appliance vendor's gear. Just late last month, Fortinet urged FortiNAC users to update their systems against a flaw that allowed unauthenticated attackers to write arbitrary system files.
About the Author(s)
You May Also Like
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023