Users should patch an unauthenticated remote code execution bug impacting FortiOS and FortiProxy administrative interfaces ASAP, Fortinet says.
Fortinet is warning users to patch a critical remote code execution (RCE) vulnerability in the FortiOS operating system, and in the FortiProxy secure Web gateway.
An alert this week from FortiGuard Labs said a heap buffer underflow bug in the administrative interface could allow an unauthenticated, remote cyberattacker to execute code on a device running the platforms. The vulnerability could also allow a threat actor to perform a denial-of-service (DoS) attack on the GUI of devices running the vulnerable code, Fortinet added.
Fortinet has issued a security update for FortiOS and FortiProxy interfaces, and noted that no exploitation has been detected yet.
"Fortinet is not aware of any instance where this vulnerability was exploited in the wild," the alert explained. "We continuously review and test the security of our products, and this vulnerability was internally discovered within that frame."
This is the latest bug to come to light in the popular security appliance vendor's gear. Just late last month, Fortinet urged FortiNAC users to update their systems against a flaw that allowed unauthenticated attackers to write arbitrary system files.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024