Fortinet Remote Code Execution Vulnerability (CVE-2023-33308)

A critical Remote Code Execution vulnerability (CVE-2023-33308) was discovered in FortiOS and FortiProxy products recently which may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.

Fortinet has released the patches to remediate the vulnerability and strongly recommends customers to apply the update IMMEDIATELY.

 

Vulnerabilities

  • Remote Code Execution Vulnerability (CVE-2023-33308)

 

Severity Level

  • Critical

 

Affected Systems

  • FortiOS version 7.2.0 through 7.2.3
  • FortiOS version 7.0.0 through 7.0.10
  • FortiProxy version 7.2.0 through 7.2.2
  • FortiProxy version 7.0.0 through 7.0.9

 

Remediation

 

Reference

 

Enquiry

 

 

Published on: 20 Jul 2023