Platform
- Platform
- Platform Overview
  All Technology Asset Intelligence in 1 place.
- Asset Discovery
  In-depth discovery across the technology estate.
- Asset Inventory
  All asset data unified in one place.
- Asset Analytics
  Empower your decision-making with trusted data.
TRY NOW
Why Lansweeper?
- Why Lansweeper?
- Why Lansweeper?
  Lansweeper helps you to minimize risks and optimize your IT by providing actionable insight into your entire technology estate.
- By Role
  Complete visibility for everyone.
  For System Administrators For IT Managers For C-suite For Cybersecurity Teams For IT Support For MSPs
- By Use Case
  Fuel any IT scenario.
  Discover & Inventory My IT Assets OT Asset Management Replace Inventory Spreadsheets Enhance Cybersecurity Improve CMDB Data Quality Achieve Service Desk Excellence
- By Industry
  Flexibility for your industry.
  Education Healthcare Manufacturing Public Sector
TRY NOW
Integrations
Partners
- Partners
- Partner Ecosystem
  Leverage the power of our data to accelerate growth.
- MSP
  Exceed customer expectations with data-driven managed services.
- ISV Technology Partners
  Integrate or embed our technology to build smarter solutions.
- Channel Partners
  Whether you service, distribute, consult, or resell – we have partner programs to help you grow.
- Find a partner
  Find a trusted Lansweeper certified partner.
TRY NOW
Pricing
Resources
- Resources
- Resources
  Browse resources tailored to your needs.
- Blog
  Discover the latest product news, pro tips, and more.
- Support Help Center
  Need help? Browse extensive resources.
- Success Stories
- Ebooks & White Papers
  Detailed documents you can download for free.
- Webinars & Events
  Register for live or virtual events.
- Report Library
  Browse our extensive audit report library.
- Community
  Start a conversation with your peers.
- Developer Portal
TRY NOW

TRY NOW

Vulnerability

Fortinet Fixes Critical Vulnerability in FortiOS and FortiProxy

3 min. read

09/03/2023

By Laura Libeer

⚡ TL;DR | Go Straight to the Fortinet Buffer Underwrite Vulnerability Report

Fortinet has released security updates for several versions of FortiOS and FortiProxy in response to a critical buffer underwrite vulnerability. The issue could allow an attacker to execute arbitrary code or perform a denial of service on the GUI. These could in turn compromise business-critical data or seriously disrupt operations.

Fortinet Vulnerability CVE-2023-25610

The vulnerability tracked as CVE-2023-25610 is a buffer underwrite vulnerability in the administrative interface on multiple versions of FortiOS and FortyProxy. It has a CVSSv3 score of 9.3 which gives it a critical severity. So far there are no reports of the issue being exploited in the wild. Successful exploitation of CVE-2023-25610 could allow a remote unauthenticated attacker to execute arbitrary code and perform a denial of service (DoS) on the GUI.

Protect Vulnerable Fortinet Devices

CVE-2023-25610 affects several different versions of FortiOS and FortiProxy. However, not all devices are equally vulnerable. All devices running the vulnerable FortiOS are at risk of DoS, but not all of them are impacted by the arbitrary code execution part of the issue. You can find a full list of devices that are only affected by the DoS issue in Fortinet’s security advisory.

Either way, you should update all vulnerable instances of FortiOS and FortiProxy as soon as possible, in order to protect your devices from attackers. You can find a list of all affected and updated versions below. If you are unable to update right away, Fortinet’s advisory also provides a workaround you can use for now.

Affected Versions

FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.11
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions

Upgrade to

FortiOS version 7.4.0 or above
FortiOS version 7.2.4 or above
FortiOS version 7.0.10 or above
FortiOS version 6.4.12 or above
FortiOS version 6.2.13 or above
FortiProxy version 7.2.3 or above
FortiProxy version 7.0.9 or above
FortiProxy version 2.0.12 or above
FortiOS-6K7K version 7.0.10 or above
FortiOS-6K7K version 6.4.12 or above
FortiOS-6K7K version 6.2.13 or above

Discover Vulnerable Fortinet Devices

Based on Fortinet’s advisory, our team has created a special report to help you find any Fortinet devices in your network that may be vulnerable to the vulnerability described above. The report will give you an actionable list of devices that may still need to be updated.

Fortinet audit example

Run the Fortinet Buffer Underwrite Vulnerability Audit

STAY UPDATED

Receive the latest vulnerability audit reports

Sign up for free.

"*" indicates required fields

Email*

Hidden

EmailType

Hidden

IM – Conv Page – Processing

Hidden

IM – UTM_Campaign FC – Processing

Hidden

IM – UTM_Campaign LC – Processing

Hidden

IM – UTM_Content FC – Processing

Hidden

IM – UTM_Content LC – Processing

Hidden

IM – UTM_Medium FC – Processing

Hidden

IM – UTM_Medium LC – Processing

Hidden

IM – UTM_Source FC – Processing

Hidden

IM – UTM_Source LC – Processing

Hidden

IM – UTM_Term FC – Processing

Hidden

IM – UTM_Term LC – Processing

Hidden

gclid

Hidden

msclkid

Name

This field is for validation purposes and should be left unchanged.

NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.

TRY NOW TALK TO SALES