FORTIGUARD FIREWALL HEAP-BASED BUFFER OVERFLOW VULNERABILITY

FORTIGUARD FIREWALL HEAP-BASED BUFFER OVERFLOW VULNERABILITY - CVE-2022-25610

09 Mar / 2023

Cyber Security

FORTIGUARD FIREWALL HEAP-BASED BUFFER OVERFLOW VULNERABILITY

CVE: CVE-2022-25610

What is Vulnerable

FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.11
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions

WHAT'S HAPPENED:

Fortinet have published a security bulletin for a vulnerability allowing remote execution of arbitrary code on affected firewalls to enable initial access by malicious actors.

WHAT YOU CAN DO:

We strongly recommend that all customers using Fortigate Firewalls immediately upgrade to the latest version, which includes a patch for this vulnerability.
Further details on the vulnerability are available here:
https://www.fortiguard.com/psirt/FG-IR-23-001
Update resources can be found here:
ForiGate: https://docs.fortinet.com/product/fortigate/7.2
FortiProxy: https://docs.fortinet.com/product/fortiproxy/7.2

Cythera is continuing to monitor all Managed Detection and Managed Vulnerability clients.

Resources

You may be interested in

How to Prevent Ransomware Attacks

How to Prevent Ransomware Attacks Ransomware incidents are becoming prolific in Australia. We’re seeing an increased amount of businesses com…

Cyber Insurance And Penetration Testing: How Australian Businesses Can Mitigate Cyber Risk

Cyber Insurance And Penetration Testing: How Australian Businesses Can Mitigate Cyber RiskIn the early 2000s, cyber insurance was a relatively n…

Easy (and Cheap!) ways to secure your corporate email domain

Email is such a critical business tool for many businesses. And the massive shift to a “Work from Anywhere” model has led to an increased ri…