Fortinet has released security updates to address a critical-severity vulnerability in FortiOS and FortiProxy that could lead to remote code execution (CVE-2023-33308). The bug is a stack-based overflow issue affecting deep inspection in proxy mode. By disabling deep inspection on proxy policies or firewall policies with proxy mode, exploitation can be prevented. Fortinet also announced patches for a medium-severity vulnerability in FortiOS that allows an attacker to reuse a deleted user’s session (CVE-2023-28001). Users are advised to apply the updates promptly to mitigate the risks, as unpatched Fortinet products have been targeted in previous attacks.

Read more: https://www.securityweek.com/fortinet-patches-critical-fortios-vulnerability-leading-to-remote-code-execution/