Fortinet Critical Flaw: Let a Remote Attacker Execute Arbitrary Code
Posted: Thu Nov 28, 2024 3:08 pm
A ‘critical’ severity flaw has been detected in FortiOS and FortiProxy, identified as CVE-2023-33308 (CVSS rating 9.8). A remote attacker can use the vulnerability on susceptible devices to execute Fortinet arbitrary code.
“A stack-based overflow vulnerability [CWE-124] in FortiOS&FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection”, reads the advisory published by Fortinet.
https://cybersecuritynews.com/fortios-rce-flaw/
“A stack-based overflow vulnerability [CWE-124] in FortiOS&FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection”, reads the advisory published by Fortinet.
https://cybersecuritynews.com/fortios-rce-flaw/