Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests.
This buffer underflow vulnerability is tracked as CVE-2023-25610 and has a CVSS v3 score of 9.3, rating it critical. This type of flaw occurs when a program tries to read more data from a memory buffer than is available, resulting in accessing adjacent memory locations, leading to risky behavior or crashes.
The
security advisory published by Fortinet yesterday says that it's not aware of any instances of active exploitation in the wild at this time, and it affects the following products: ... ... ...
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
