PT-2023-1632 · Fortinet · FortiSwitchManager +5

Published: 2023-03-07 · Updated: 2025-03-26 · CVE-2023-25610

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

FortiOS versions prior to the fixed version
FortiProxy versions prior to the fixed version
FortiManager versions prior to the fixed version
FortiAnalyzer versions prior to the fixed version
FortiWeb versions prior to the fixed version
FortiSwitchManager versions prior to the fixed version

Description

A buffer underwrite vulnerability in the administrative interface of the affected products allows a remote unauthenticated attacker to execute arbitrary code on the device or cause a denial of service (DoS) of the GUI by sending specifically crafted requests. There are no known instances of this vulnerability being exploited in the wild.

Recommendations

For each affected product, update to a version that includes the security patch for this issue:

FortiOS
FortiProxy
FortiManager
FortiAnalyzer
FortiWeb
FortiSwitchManager

As a temporary workaround until the patch is applied, restrict access to the administrative interface (for example, to trusted management hosts only).

Exploit

Fix

DoS

RCE

Stack Overflow

Related Identifiers

BDU:2023-01148
CVE-2023-25610

Affected Products

FortiAnalyzer
FortiManager
FortiOS
FortiProxy
FortiSwitchManager
FortiWeb