In its security warning WID-SEC-2023-1438, the BSI reports that attackers can use several vulnerabilities to carry out a DoS attack in Fortinet FortiOS or to implement any code. The Product Security Incident Response Team (PSIRTS) provided by Fortinet.
The BSI report on the vulnerabilities in FortiOS refers directly to the Product Security Incident Response Team (PSIRTS) from Fortinet. There the high risk vulnerabilities are listed with CVSSv3 scores of 6,4, 7,3 and 8,3. However, the BSI writes of an 8,8 rating.
FortiOS vulnerability: Attackers can launch DoS attacks
This is what the gaps and mean with the following CVSSv3 values
FG-IR-23-125: CVSSv3 score 6,4
FortiOS - Null pointer dereference in SSLVPND proxy endpoint
A null pointer dereference vulnerability [CWE-476] in FortiOS could allow an authenticated attacker to crash the SSL VPN daemon via specially crafted HTTP requests to the /proxy endpoint.
FG-IR-23-111: CVSSv3 score 7,3
A null pointer dereference vulnerability [CWE-476] in FortiOS could allow an unauthenticated remote attacker to crash the SSL VPN daemon via specially crafted HTTP requests.
FG-IR-23-119: CVSSv3 score 8,3
Leveraging the externally controlled format string vulnerability [CWE-134] in the FortiOS Fclicense daemon, an authenticated remote attacker can execute arbitrary code or commands via specially crafted requests.
Update recommendations are available
For all vulnerabilities there are already solutions provided by Fortinet. The updates are quick and easy to implement. The Fortinet team states on the pages which FortiOS version is vulnerable and from which new version the vulnerability is closed.
FortiOS versions 7.2.0 to 7.2.4
FortiOS versions 7.0.0 to 7.0.11
FortiOS versions 6.4.0 to 6.4.12
FortiOS versions 6.2.0 to 6.2.14
FortiOS 6.0 all versions
The most severe vulnerability, 8,3, affects all of these FortiOS versions. Their update also closes the other gaps in one go.
More at Fortinet.com
About Fortinet Fortinet (NASDAQ: FTNT) protects the most valuable resources of some of the largest companies, service providers and government agencies worldwide. We offer our customers complete transparency and control over the expanding attack surface as well as the ability to meet ever higher performance requirements now and in the future. Only the Fortinet Security Fabric platform can address the most critical security challenges and protect data across the entire digital infrastructure, whether in network, application, multi-cloud or edge environments. Fortinet is # 1 when it comes to the most commonly shipped security appliances. More than 455.000 customers trust Fortinet to protect their brands. Both a technology company and a training company, the Fortinet Network Security Expert (NSE) Institute has one of the largest and most comprehensive cyber security training programs in the industry. More information on this at www.fortinet.de, in the Fortinet blog or at FortiGuard Labs.