CVE-2023-33308: Fortinet Patches Critical RCE Vulnerability in FortiOS/FortiProxy


The digital world we inhabit today is akin to a fortress, a citadel that guards the vast swathes of sensitive data and critical operations that define our personal and professional lives. But even the most formidable fortresses have hidden vulnerabilities that could potentially threaten their seemingly impenetrable ramparts. In the realm of cybersecurity, these vulnerabilities can have far-reaching implications if left unaddressed.

Fortinet has released patches for two security vulnerabilities in its FortiOS and FortiProxy software.

CVE-2023-28001 (CVSS score of 4.1): FortiOS – Existing websocket connection persists after deleting API admin

Imagine a fortress whose gates, once opened to a visitor, cannot be sealed even after the visitor has departed. This is essentially what happens with the vulnerability identified as CVE-2023-28001 in Fortinet’s FortiOS. This flaw, classified as ‘Insufficient Session Expiration [CWE-613]’, allows a deleted API admin’s session to persist: an attacker who has managed to secure that admin’s API token can keep using it after the account is removed.

Think of it as an invisible phantom lingering in your digital fortress, potentially causing havoc unbeknownst to you. This particular vulnerability affects FortiOS versions 7.2.0 through 7.2.4 and all 7.0 versions.

The recommended solution? Upgrade to FortiOS version 7.4.0 or above. Like securing your fortress with a new and improved lock, this simple action ensures that no unwelcome guests remain within your digital walls.
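To make the CWE-613 failure mode concrete, here is an added example (not FortiOS code, and not from the article) that models an API token store in memory. The flawed store drops the account but leaves its tokens valid, which is the behaviour described for CVE-2023-28001; the corrected store revokes every token the account owned at deletion time and re-checks the owner on each request. The class and method names are assumptions made for the illustration.

```python
"""Illustration of CWE-613 (insufficient session expiration) as described for
CVE-2023-28001: an API token that outlives the admin account it was issued to.
Added example, not FortiOS code; the token store is a toy in-memory model."""
import secrets
from typing import Dict, Optional, Set


class TokenStoreNoRevocation:
    """Flawed model: deleting the admin removes the account but not its tokens,
    so anyone holding a previously issued token keeps an authenticated session."""

    def __init__(self) -> None:
        self.admins: Set[str] = set()
        self.tokens: Dict[str, str] = {}  # token -> owning admin name

    def create_admin(self, name: str) -> None:
        self.admins.add(name)

    def issue_token(self, name: str) -> str:
        if name not in self.admins:
            raise KeyError(f"no such admin: {name}")
        token = secrets.token_hex(16)
        self.tokens[token] = name
        return token

    def delete_admin(self, name: str) -> None:
        # Bug: the account goes away, its sessions do not.
        self.admins.discard(name)

    def authenticate(self, token: str) -> Optional[str]:
        # Bug: never re-checks that the token's owner still exists.
        return self.tokens.get(token)


class TokenStoreWithRevocation(TokenStoreNoRevocation):
    """Corrected model: account deletion revokes every session the account
    owned, and authentication re-validates the owner as defence in depth."""

    def delete_admin(self, name: str) -> None:
        super().delete_admin(name)
        stale = [t for t, owner in self.tokens.items() if owner == name]
        for token in stale:
            del self.tokens[token]

    def authenticate(self, token: str) -> Optional[str]:
        owner = self.tokens.get(token)
        return owner if owner in self.admins else None


def session_survives_deletion(store_cls: type) -> bool:
    """Return True if a token issued before the admin is deleted still
    authenticates afterwards (the insufficient-expiration condition)."""
    store = store_cls()
    store.create_admin("api-admin")  # constructed sample account
    token = store.issue_token("api-admin")
    store.delete_admin("api-admin")
    return store.authenticate(token) is not None


if __name__ == "__main__":
    for cls in (TokenStoreNoRevocation, TokenStoreWithRevocation):
        print(f"{cls.__name__}: session survives deletion = "
              f"{session_survives_deletion(cls)}")
```

The check in `session_survives_deletion` is the kind of regression test worth keeping in any service that issues long-lived API tokens: it fails the moment account deletion and session revocation drift apart.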

CVE-2023-33308 (CVSS score of 9.8): FortiOS/FortiProxy – Proxy mode with deep inspection – Stack-based buffer overflow

The second vulnerability, CVE-2023-33308, is a more serious concern. A stack-based overflow vulnerability [CWE-124] in Fortinet’s FortiOS and FortiProxy might allow a remote attacker to execute arbitrary code or commands via carefully crafted packets that reach proxy policies, or firewall policies in proxy mode, with deep inspection enabled. This is similar to an enemy launching an arrow with a flaming message, reaching the heart of your fortress, and causing damage and chaos from within.

This vulnerability affects FortiOS versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, and FortiProxy versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.9.

A temporary solution is to disable deep inspection on proxy policies or firewall policies with proxy mode, essentially raising your drawbridge and reinforcing your walls. But a more robust and permanent solution lies in upgrading your software to the recommended versions: FortiOS version 7.4.0, 7.2.4, 7.0.11 or above, and FortiProxy version 7.2.3, 7.0.10 or above. This is akin to rebuilding and strengthening your fortress towers, ensuring they are impervious to future attacks.
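The affected and fixed versions above are the inputs a defender actually needs for triage, so here is an added example (not Fortinet tooling, and not from the article) that encodes those CVE-2023-33308 ranges and ranks a device inventory by exposure. Devices in an affected range that run proxy-mode policies with deep inspection enabled get the interim mitigation plus the upgrade; affected devices without that configuration still need the upgrade. The inventory records, the `proxy_deep_inspection` field and the function names are constructed for the illustration.

```python
"""Triage FortiOS / FortiProxy assets against CVE-2023-33308.

Added example, not Fortinet code: the version ranges and mitigations are
those stated in the advisory text above; the inventory is constructed."""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive affected ranges stated for CVE-2023-33308.
AFFECTED: Dict[str, List[Tuple[Version, Version]]] = {
    "FortiOS": [((7, 2, 0), (7, 2, 3)), ((7, 0, 0), (7, 0, 10))],
    "FortiProxy": [((7, 2, 0), (7, 2, 2)), ((7, 0, 0), (7, 0, 9))],
}

# First fixed release on each affected branch: (major, minor) -> version.
FIXED: Dict[str, Dict[Tuple[int, int], Version]] = {
    "FortiOS": {(7, 2): (7, 2, 4), (7, 0): (7, 0, 11)},
    "FortiProxy": {(7, 2): (7, 2, 3), (7, 0): (7, 0, 10)},
}


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple; reject anything else
    so a malformed inventory entry is noticed rather than silently unaffected."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def format_version(v: Version) -> str:
    return ".".join(str(n) for n in v)


def is_affected(product: str, version_text: str) -> bool:
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version_text)
    return any(low <= v <= high for low, high in AFFECTED.get(product, []))


def recommended_fix(product: str, version_text: str) -> Optional[str]:
    """First fixed release on the asset's own branch, or None if not affected."""
    if not is_affected(product, version_text):
        return None
    v = parse_version(version_text)
    return format_version(FIXED[product][(v[0], v[1])])


def triage(inventory: List[dict]) -> List[dict]:
    """Rank assets: 0 = affected and exposed (proxy-mode deep inspection on),
    1 = affected but not exposed, 2 = outside the affected ranges."""
    results = []
    for asset in inventory:
        affected = is_affected(asset["product"], asset["version"])
        exposed = affected and bool(asset["proxy_deep_inspection"])
        fix = recommended_fix(asset["product"], asset["version"])
        if exposed:
            action = ("disable deep inspection on proxy-mode policies, "
                      f"then upgrade to {fix}")
            priority = 0
        elif affected:
            action = f"upgrade to {fix}"
            priority = 1
        else:
            action = "no action (not in affected range)"
            priority = 2
        results.append({"name": asset["name"], "product": asset["product"],
                        "version": asset["version"], "priority": priority,
                        "action": action})
    return sorted(results, key=lambda r: r["priority"])


# Constructed sample inventory (hostnames and settings are made up).
INVENTORY = [
    {"name": "fw-edge-01", "product": "FortiOS", "version": "7.2.3",
     "proxy_deep_inspection": True},
    {"name": "fw-dc-02", "product": "FortiOS", "version": "7.0.11",
     "proxy_deep_inspection": True},
    {"name": "proxy-01", "product": "FortiProxy", "version": "7.0.9",
     "proxy_deep_inspection": False},
    {"name": "fw-lab", "product": "FortiOS", "version": "7.4.0",
     "proxy_deep_inspection": False},
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(f"[P{row['priority']}] {row['name']:<12} {row['product']:<11} "
              f"{row['version']:<7} {row['action']}")
```

Note that the boundaries are inclusive on both ends exactly as the article lists them: 7.2.3 is affected and 7.2.4 is not, and the 7.4 branch is not in any affected range, so the check reports it as clean rather than guessing.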