Fortinet warns of new critical unauthenticated RCE vulnerability

Fortinet has disclosed a “Critical” vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests.

This buffer underflow vulnerability is tracked as CVE-2023-25610 and has a CVSS v3 score of 9.3, rating it critical. This type of flaw occurs when a program reads more data from a memory buffer than the buffer holds, so the access spills into adjacent memory locations and can lead to unsafe behaviour or crashes.
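To make the bounds-check failure behind this class of bug concrete, here is an added C example (not Fortinet's code and unrelated to the actual FortiOS/FortiProxy implementation). It uses a hypothetical 16-byte message field and a caller-supplied signed start offset: the defective check only guards the upper bound, so a negative start passes and a later read would begin before the buffer, while the hardened check rejects negative values and does the arithmetic in an unsigned type after validation so it cannot wrap. The sample field contents are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical fixed-size field inside a parsed request (constructed). */
#define FIELD_LEN 16

/* Defective check: only the upper bound is tested. A negative `start`
 * (e.g. taken from an untrusted header) passes, so a subsequent read from
 * field + start would start before the buffer: a buffer underflow. */
bool range_ok_unsafe(int start, int len) {
    return start + len <= FIELD_LEN;
}

/* Hardened check: reject negative start/len first, then compare in size_t
 * so the remaining-space computation can neither go negative nor wrap. */
bool range_ok_safe(int start, int len) {
    if (start < 0 || len < 0) return false;
    if ((size_t)start > FIELD_LEN) return false;
    return (size_t)len <= FIELD_LEN - (size_t)start;
}

/* Copy `len` bytes of `field` starting at `start` into `out`, but only after
 * the hardened check and a check that `out` can hold them.
 * Returns the number of bytes copied, or -1 if the request is rejected. */
int read_field(const unsigned char field[FIELD_LEN], int start, int len,
               unsigned char *out, size_t out_cap) {
    if (!range_ok_safe(start, len) || (size_t)len > out_cap) return -1;
    memcpy(out, field + start, (size_t)len);
    return len;
}

/* Convenience wrapper over a constructed sample field, so the behaviour can be
 * exercised without the caller setting up buffers. Returns bytes copied or -1. */
int demo_read(int start, int len) {
    static const unsigned char sample[FIELD_LEN] =
        "ABCDEFGHIJKLMNOP";           /* 16 bytes, constructed sample data */
    unsigned char out[FIELD_LEN];
    return read_field(sample, start, len, out, sizeof out);
}

int main(void) {
    /* The defective check accepts an offset that would read before the buffer. */
    printf("unsafe check, start=-4 len=8: %s\n",
           range_ok_unsafe(-4, 8) ? "accepted" : "rejected");
    /* The hardened path rejects it and never performs the read. */
    printf("safe read,    start=-4 len=8: %d\n", demo_read(-4, 8));
    printf("safe read,    start=4  len=4: %d\n", demo_read(4, 4));
    return 0;
}
```

The point of the contrast is that the unsafe predicate is syntactically plausible and even correct for well-formed input; the defect only appears when a signed, attacker-controlled offset is allowed to go negative, which is why both ends of a range must be validated before any pointer arithmetic.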

Source: Bleeping Computer