CVE-2023-28002

Name of the Vulnerable Software and Affected Versions FortiOS versions 6.0 through 7.2.3 FortiProxy versions 2.0 through 7.2

Description The issue is related to an improper validation of integrity check value, which may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. This could potentially be exploited to load arbitrary images on the device.

Recommendations For FortiOS versions 6.0 through 7.2.3, update to a version that includes the fix for this issue. For FortiProxy versions 2.0 through 7.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.