Critical RCE Vulnerability in FortiOS & FortiProxy (CVE-2023-25610)

Share :

On Tuesday, 7 March 2023, Fortinet published a security advisory detailing an unauthenticated remote code execution vulnerability affecting FortiOS and FortiProxy (CVE-2023-25610). The vulnerability was internally discovered by Fortinet, and exploitation has not been observed in the wild at this time. A proof of concept (PoC) exploit has not been published publicly for this vulnerability at this time. 

As demonstrated in CISA’s Known Exploited Vulnerabilities Catalog, threat actors have actively exploited similar Fortinet vulnerabilities in the past in multiple instances. Due to the severity of the vulnerability and the fact that similar vulnerabilities have been weaponised by threat actors, Arctic Wolf strongly recommends upgrading to the latest available versions of FortiOS and FortiProxy on all affected devices. 

Recommendations for CVE-2023-25610

Recommendation #1: Upgrade FortiOS and FortiProxy on affected devices 

Arctic Wolf strongly recommends upgrading devices running FortiOS as well as FortiProxy appliances to the latest versions to fully remediate the vulnerabilities and prevent potential exploitation. 

Product  Impacted Versions  Fixed Versions 
FortiOS  FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions 
FortiOS version 7.4.0 or above
FortiOS version 7.2.4 or above
FortiOS version 7.0.10 or above
FortiOS version 6.4.12 or above
FortiOS version 6.2.13 or above
FortiOS-6K7K version 7.0.10 or above
FortiOS-6K7K version 6.4.12 or above
FortiOS-6K7K version 6.2.13 or above 
FortiProxy  FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.11
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions 
FortiProxy version 7.2.3 or above
FortiProxy version 7.0.9 or above
FortiProxy version 2.0.12 or above 


Fortinet has noted that certain devices are only affected by a denial of service (DoS) for this vulnerability, and that any device not listed on the advisory which is running a vulnerable version of FortiOS is at risk of remote code execution. Arctic Wolf recommends upgrading all devices running vulnerable versions of FortiOS, regardless of whether they are listed on the advisory as DoS only. For more details on which devices fall into this category, please review the advisory provided by Fortinet. 

Note: Arctic Wolf recommends following change management best practices for applying security patches, including testing changes in a testing environment before deploying to production to avoid any operational impact. 

Recommendation #2: Do not expose management interfaces to the public internet 

The management interface described in this bulletin should never be listening on a public interface. To avoid being targeted in a mass automated exploitation campaign, we recommend that organisations review their firewall configurations and ensure that no such devices are exposed publicly. 

Recommendation #3: Explore Optional Workaround 

Optionally, if unable to apply a patch for this vulnerability to devices running FortiOS, Fortinet has provided a workaround in their advisory that can be applied on the appliances directly. See the advisory for detailed instructions. 


Picture of Adrian Korn

Adrian Korn

Adrian Korn is a seasoned cyber security professional with 7+ years' experience in cyber threat intelligence, threat detection, and security operations. He currently serves as the Manager of Threat Intelligence Research at Arctic Wolf Labs. Adrian has been a guest speaker on intelligence related topics at numerous conferences around the world, including DEF CON's Recon Village, Hackfest, and the Australian OSINT Symposium.
Share :
Table of Contents