Last updated on September 1, 2023 at 10:45 am
We’re aware of a Remote Code Execution (RCE) vulnerability that is affecting FortiGate devices running FortiOS and FortiProxy. The stack-based overflow vulnerability may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.
The following products are impacted:
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.10
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.9
All N4L managed Fortinet Firewalls are not affected by this vulnerability. However, if your school manages its own Fortinet firewall, we recommend upgrading to the versions in this advisory.
More information can be found here.