Security Bulletin with an exclamation point in the center of the image
Security Bulletin with an exclamation point in the center of the image
Back to blog

CVE-2023-33308: Critical Fortinet FortiOS and FortiProxy RCE Vulnerability

On July 11th, 2023, Fortinet published a security advisory detailing a remote code execution vulnerability affecting FortiOS and FortiProxy (CVE-2023-33308). Find Arctic Wolf’s recommendations.
Security Bulletin with an exclamation point in the center of the image
6 min read

On July 11th, 2023, Fortinet published a security advisory detailing a remote code execution vulnerability affecting FortiOS and FortiProxy (CVE-2023-33308). This stack-based overflow vulnerability affects proxy policies and/or firewall policies with proxy mode and SSL deep packet inspection enabled. This CVE was discovered and responsibly disclosed to Fortinet by security researchers. At this time, exploitation has not been observed in the wild, and a proof of concept (PoC) exploit has not been published publicly.

As demonstrated in CISA’s Known Exploited Vulnerabilities Catalog, threat actors have actively exploited Fortinet vulnerabilities in the past. Due to the severity of the vulnerability and the fact that similar vulnerabilities have been weaponized by threat actors, Arctic Wolf strongly recommends upgrading to the latest available versions of FortiOS and FortiProxy on all affected devices.

Products Vulnerable Versions Patched versions
FortiOS 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.10, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0

·       FortiOS version 7.4.0 or above

·       FortiOS version 7.2.4 or above

·       FortiOS version 7.0.11 or above
FortiProxy 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0

·       FortiProxy version 7.2.3 or above

·       FortiProxy version 7.0.10 or above

Recommendations for CVE-2023-33308

Please follow your organization’s patching and testing guidelines to avoid any operational impact.

Recommendation #1: Upgrade to the Most Recent Version Release

Arctic Wolf strongly recommends updating to one of the following versions outlined in the table below to remediate the newly discovered vulnerability.

Products Vulnerable Versions Patched versions
FortiOS 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.10, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0

·       FortiOS version 7.4.0 or above

·       FortiOS version 7.2.4 or above

·       FortiOS version 7.0.11 or above
FortiProxy 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0

·       FortiProxy version 7.2.3 or above

·       FortiProxy version 7.0.10 or above

Workaround: Disable HTTP/2 support on SSL Inspection Profiles

If you are unable to upgrade to the versions above, Fortinet recommends in their advisory to disable HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode, to mitigate the vulnerability.

Fortinet’s example with custom-deep-inspection profile:

1config firewall ssl-ssh-profile
2edit "custom-deep-inspection"
3set supported-alpn http1-1
4next
5end

References

Popular Topics
View all posts
Share this post:

What to read next

Back to Blog
Arctic Wolf Blog Featured Image
3 min read

CVE-2025-31324: Maximum-Severity File Upload Vulnerability in SAP NetWeaver Exploited in the Wild

April 25, 2025

View Post
Arctic Wolf Blog Featured Image
4 min read

CVE-2025-34028: PoC Released for Critical RCE Vulnerability in Commvault Command Center

April 24, 2025

View Post
Arctic Wolf Blog Featured Image
11 min read

CVE-2025-32433: Maximum Severity Unauthenticated RCE Vulnerability in Erlang/OTP SSH

April 21, 2025

View Post
Arctic Wolf Blog Featured Image
8 min read

Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035

April 17, 2025

View Post