Another Critical Flaw Found in Fortinet Products and CorpInfoTech’s Response
On March 7, 2023 Fortinet released an advisory stating that a critical flaw was found to be impacting both FortiOS and FortiProxy. This flaw could allow an external threat actor to execute malicious code and take control of an infected system.
The flaw has been classified as a 9.3 out of 10 in terms of severity and has been tagged: “CVE-2023-25610”. If exploited, this vulnerability could allow bad actors to remotely take control of a device and move throughout the rest of the network in order to exfiltrate data or conduct a Denial of Service (DoS) attack.
In Fortinet’s advisory, the flaw is is described as:
“A buffer underwrite (‘buffer underflow’) vulnerability in FortiOS & FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests.”
While not aware of any activate exploitation of this flaw, Fortinet still urges customers to update and patch the affected devices to avoid becoming a victim of a potential data breach.
CorpInfoTech’s Response
CorpInfoTech stays up to date on any vulnerabilities impacting or present within our clients network. For our managed service clients, we already have protocols to protect their systems from this particular attack vector.
CorpInfoTech takes a proactive approach to security and seeks to protect its clients before a vulnerability is exploited. We have already started patching any devices that could be impacted by this flaw and our clients were secured within 24 hours of the advisory being released.
CorpInfoTech’s managed IT or co-managed IT services can be an extension of your organization, allowing you to focus on your everyday business goals.
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.
Comments are closed