This week, the cybersecurity firm Fortinet released patches for a number of critical flaws in its product line, including one in FortiOS and FortiProxy that could result in remote code execution (RCE).
The problem, which has been assigned the tracking number CVE-2023-25610 (CVSS score of 9.3), affects the administrative interface of the affected products and can be used without authentication to execute code or to bring about a denial-of-service (DoS) condition using specially crafted requests. The flaw affects all 6.0 versions, FortiOS versions 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, and versions 7.2.0 through 7.2.3. Additionally affected are FortiProxy versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 2.0.0 through 2.0.11, all 1.2 versions, and all 1.1 versions.
Administrators have two options for getting around this problem: they can either disable the HTTP/HTTPS administrative interface or restrict access to it by IP address.
Read More: Fortinet Patches Critical Unauthenticated RCE Vulnerability in FortiOS
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
