1. Summary
| Item | Detail |
|---|---|
| Vulnerability Name | FortiOS/FortiProxy Stack-Based Buffer Overflow Vulnerability (CVE-2023-33308) |
| Release Date | July 13, 2023 |
| Component Name | FortiOS and FortiProxy |
| Affected Versions | 7.2.0 ≤ FortiOS ≤ 7.2.3 |
| Vulnerability Type | CWE-124: Buffer Underwrite (Buffer Overflow) |
| Severity | CVSS v3 Base Score: 9.8 (Critical) |
| Exploitability | Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None |
| Impact | Confidentiality Impact: Awaiting analysis; Integrity Impact: Awaiting analysis; Availability Impact: Awaiting analysis |
2. About the Vulnerability CVE-2023-33308
2.1 About the Component
FortiGate: FortiGate is a next-generation firewall by Fortinet, providing features such as firewall, VPN, intrusion prevention, antivirus, web filtering, and application control.
FortiProxy: FortiProxy is a web proxy appliance by Fortinet, providing features like web content filtering, SSL inspection, application control, and WAN optimization.
2.2 About the Vulnerability
On July 13, 2023, Sangfor FarSight Labs received notification about a FortiOS/FortiProxy stack-based buffer overflow vulnerability, identified as CVE-2023-33308, with a severity rating of Critical (CVSS Score 9.8).
This vulnerability is reachable when proxy mode is enabled together with SSL deep packet inspection; it may allow a remote attacker to execute arbitrary code or commands via crafted packets that reach proxy policies or firewall policies operating in proxy mode.
3. Affected Versions
7.2.0 ≤ FortiOS ≤ 7.2.3
7.0.0 ≤ FortiOS ≤ 7.0.10
7.2.0 ≤ FortiProxy ≤ 7.2.2
7.0.0 ≤ FortiProxy ≤ 7.0.9
4. Solutions
4.1 Fortinet Solution
4.1.1 Version Upgrade
Fortinet has released updated versions of FortiGate and FortiProxy that fix the vulnerability; users are advised to upgrade as soon as possible.
FortiGate: https://docs.fortinet.com/product/fortigate/7.4
FortiProxy: https://docs.fortinet.com/product/fortiproxy/7.2
4.1.2 Workaround
For users who are unable to upgrade to the latest versions, Fortinet recommends disabling HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode.
Example for the custom-deep-inspection profile:

```
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        set supported-alpn http1-1
    next
end
```
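To check whether the workaround above has actually been applied across a configuration backup, the following added example (not from the advisory or from Fortinet) parses the `config firewall ssl-ssh-profile` section and lists deep-inspection profiles that still allow HTTP/2. It assumes the FortiOS CLI layout in which deep inspection is expressed as `config https` / `set status deep-inspection` and that an absent `supported-alpn` falls back to the default `all`; the sample configuration is constructed.

```python
# Constructed FortiOS config excerpt (not from a real device) with three profiles.
SAMPLE_CONFIG = """\
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        config https
            set status deep-inspection
        end
    next
    edit "hardened-deep-inspection"
        set supported-alpn http1-1
        config https
            set status deep-inspection
        end
    next
    edit "certificate-inspection"
        set supported-alpn all
        config https
            set status certificate-inspection
        end
    next
end
"""

def parse_ssl_profiles(text: str) -> dict:
    """Map each ssl-ssh-profile name to its settings (nested keys dotted: https.status)."""
    profiles, stack, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[7:])          # enter a (possibly nested) section
        elif line == "end":
            stack.pop()                     # leave the innermost section
        elif stack and stack[0] == "firewall ssl-ssh-profile":
            if line.startswith("edit ") and len(stack) == 1:
                current = line[5:].strip('"')
                profiles[current] = {}
            elif line == "next":
                current = None
            elif line.startswith("set ") and current is not None:
                key, _, value = line[4:].partition(" ")
                profiles[current][".".join(stack[1:] + [key])] = value.strip('"')
    return profiles

def vulnerable_profiles(profiles: dict) -> list:
    """Deep-inspection profiles whose ALPN setting still admits HTTP/2.
    Assumption: a missing supported-alpn means the FortiOS default "all"."""
    return [name for name, s in profiles.items()
            if s.get("https.status") == "deep-inspection"
            and s.get("supported-alpn", "all") in ("all", "http2")]
```

Running `vulnerable_profiles(parse_ssl_profiles(open("backup.conf").read()))` on a real backup returns the profile names that still need `set supported-alpn http1-1` (or the upgrade) applied.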
5. Timeline
On July 13, 2023, Sangfor FarSight Labs received notification about the FortiOS/FortiProxy Stack-Based Buffer Overflow Vulnerability (CVE-2023-33308).
On July 13, 2023, Sangfor FarSight Labs released a vulnerability alert.
6. Reference
https://www.fortiguard.com/psirt/FG-IR-23-183
7. Learn More
Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.