Advisory July 13, 2023

CVE-2023-33308: Vulnerability in FortiOS & FortiProxy

The Obrela Threat Intelligence Team

A stack-based overflow vulnerability (CVE-2023-33308) was detected in FortiOS & FortiProxy.

The vulnerability (CWE-124) causes out of bounds memory access which can possibly result in the corruption of relevant memory and later remote code execution.

Specifically, in FortiOS & FortiProxy the vulnerability resides in the way FortiOS and FortiProxy handle certain network packets during deep inspection. An attacker can send crafted packets to trigger a stack-based buffer overflow condition which can eventually lead to remote execution of arbitrary code or commands. This could have severe consequences like potential unauthorized access, data breaches, or system compromise.

In more detail, some of the most dangerous consequences can be seen below:

  • Remote code/command execution: Attackers can execute arbitrary code or commands on the affected system, gaining unauthorized access and control.
  • Unauthorized access: This vulnerability allows unauthorized individuals to access sensitive data, user credentials, or launch further attacks within the network.
  • System compromise: Exploitation of this vulnerability can result in compromise of the entire system, potentially leading to a complete loss of confidentiality, integrity, and availability.

Affected Products:

FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.10
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.9

Products NOT affected:

FortiOS 6.4 all versions
FortiOS 6.2 all versions
FortiOS 6.0 all versions
FortiProxy 2.x all versions
FortiProxy 1.x all versions

Solutions:

1.Upgrade to the latest patched version:

  • Please upgrade to FortiOS version 7.4.0 or above
  • Please upgrade to FortiOS version 7.2.4 or above
  • Please upgrade to FortiOS version 7.0.11 or above
  • Please upgrade to FortiProxy version 7.2.3 or above
  • Please upgrade to FortiProxy version 7.0.10 or above

2. Enable automatic updates: Configure the systems to automatically download and install the latest security patches and updates to ensure protection against known vulnerabilities.

3. Implement least privilege: Restrict user privileges and permissions to mitigate the impact of a successful attack.

4. Restrict network access: Implement appropriate network access controls, firewalls, and security policies to minimize exposure to potential threats.

5. Regularly monitor: Continuously monitor the network for any suspicious activity.

6. Regular audits: Perform regular security audits to identify and address potential vulnerabilities.

Fortinet has been notified of this vulnerability and has taken appropriate measures.

It is important that all organizations take immediate action to protect their systems against this vulnerability by implemented the above suggested solutions.

The SOC teams of OBRELA remain vigilant and are closely monitoring clients’ infrastructure regarding potential exploitation attempts and IoCs.

References:

https://www.fortiguard.com/psirt/FG-IR-23-183

https://cwe.mitre.org/data/definitions/124.html