Fortinet has released security updates to address a critical-severity vulnerability in FortiOS and FortiProxy that could lead to remote code execution (CVE-2023-33308). The bug is a stack-based overflow issue affecting deep inspection in proxy mode. By disabling deep inspection on proxy policies or firewall policies with proxy mode, exploitation can be prevented. Fortinet also announced patches for a medium-severity vulnerability in FortiOS that allows an attacker to reuse a deleted user’s session (CVE-2023-28001). Users are advised to apply the updates promptly to mitigate the risks, as unpatched Fortinet products have been targeted in previous attacks.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.