Table of Contents
  • Home
  • /
  • Blog
  • /
  • Breaking Down the Latest July 2023 Monthly PSIRT Advisory Report From Fortinet
July 14, 2023
|
5m

Breaking Down the Latest July 2023 Monthly PSIRT Advisory Report From Fortinet


Breaking Down The Latest July 2023 Monthly Psirt Advisory Report From Fortinet

Fortinet has recently released its July 2023 Monthly PSIRT Advisory Report on 11th July 2023, which we’ve covered in this detailed report. This report describes newly released security vulnerabilities affecting Fortinet products. The report is an essential resource for IT professionals and organizations utilizing Fortinet products, as it helps them stay informed about potential risks, allowing them to take the necessary actions to ensure their systems remain secure.

Through this report, you will understand the severity of each vulnerability, the steps needed to mitigate the risks, and take the necessary actions to enhance the security structure against potential threats. IT professionals and organizations are encouraged to closely monitor Fortinet’s PSIRT Advisories and adapt their security measures based on the findings. By staying up-to-date on the latest vulnerabilities and fixes, users can continue to leverage Fortinet’s cutting-edge technologies while maintaining a secure and robust digital infrastructure.

Summary of July 2023 Monthly PSIRT Advisory Report

Key highlights:

  • 4 vulnerabilities have been identified in total. Among these, 1 is critical, 1 has high severity, and 2 are of medium severity.

  • The critical vulnerability found in FortiOS and FortiProxy could potentially allow an attacker to execute arbitrary code due to a stack-based buffer overflow.

  • The products affected by these vulnerabilities include FortiOS, FortiProxy, FortiExtender, FortiAnalyzer, and FortiManager.

Vulnerabilities by Category

The July 2023 Monthly PSIRT Advisory Report presents 4 vulnerabilities affecting multiple FortiGate products. Below is a table giving the overview of each vulnerability type identified in the report: 

Vulnerability TypeNumber of Occurrences 
Stack-based overflow vulnerability [CWE-124]1
Path Traversal vulnerability [CWE-22]2
Insufficient session expiration [CWE-613] vulnerability1

Vulnerabilities by Product

Please refer to this table if you want to know the list of vulnerabilities by the Fortinet products.

Fortinet ProductNumber of Occurrence
FortiOS2
FortiProxy1
FortiAnalyzer1
FortiExtender1
FortiManager1

List of Vulnerabilities Patched in July 2023 Monthly PSIRT Advisory Report

This table shows the breakdown of all 4 vulnerabilities published in the July 2023 Monthly PSIRT Advisory Report.

CVESummaryCVSSv3 ScoreSeverityProducts AffectedProduct Fixed
CVE-2023-33308A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.9.8CriticalFortiOS version 7.2.0 through 7.2.3FortiOS version 7.0.0 through 7.0.10FortiProxy version 7.2.0 through 7.2.2FortiProxy version 7.0.0 through 7.0.9Please upgrade to FortiOS version 7.4.0 or abovePlease upgrade to FortiOS version 7.2.4 or abovePlease upgrade to FortiOS version 7.0.11 or abovePlease upgrade to FortiProxy version 7.2.3 or abovePlease upgrade to FortiProxy version 7.0.10 or above
CVE-2022-23447An improper limitation of a pathname to a restricted directory Path Traversal vulnerability [CWE-22] in FortiExtender management interface may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.7.3HighFortiExtender version 7.0.0 through 7.0.3FortiExtender version 4.2.0 through 4.2.4FortiExtender version 4.1.1 through 4.1.8FortiExtender version 4.0.0 through 4.0.2FortiExtender version 3.3.0 through 3.3.2FortiExtender version 3.2.1 through 3.2.3FortiExtender 5.3 all versionsPlease upgrade to FortiExtender version 7.2.0 or abovePlease upgrade to FortiExtender version 7.0.4 or abovePlease upgrade to FortiExtender version 4.2.5 or abovePlease upgrade to FortiExtender version 4.1.9 or abovePlease upgrade to FortiExtender version 4.0.3 or abovePlease upgrade to FortiExtender version 3.3.3 or abovePlease upgrade to FortiExtender version 3.2.4 or above
CVE-2023-28001An insufficient session expiration [CWE-613] vulnerability in FortiOS REST API may allow an attacker to reuse the session of a deleted user, should the attacker manage to obtain the API token.4.1MediumFortiOS version 7.2.0 through 7.2.4FortiOS 7.0 all versionsPlease upgrade to FortiOS version 7.4.0 or abovePlease upgrade to FortiOS version 7.2.5 or above
CVE-2023-25606An improper limitation of a pathname to a restricted directory Path Traversal vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.6.2MediumFortiManager version 7.2.0 through 7.2.1FortiManager version 7.0.0 through 7.0.5FortiManager version 6.4.0 through 6.4.11FortiAnalyzer version 7.2.0 through 7.2.1FortiAnalyzer version 7.0.0 through 7.0.5FortiAnalyzer version  6.4.0 through 6.4.11Please upgrade to FortiManager version 7.2.2 or abovePlease upgrade to FortiManager version 7.0.7 or abovePlease upgrade to FortiManager version 6.4.12 or abovePlease upgrade to FortiAnalyzer version 7.2.2 or abovePlease upgrade to FortiAnalyzer version 7.0.7 or abovePlease upgrade to FortiAnalyzer version 6.4.12 or above

This report presents complete detail about the July 2023 Monthly PSIRT Advisory Report Fortinet released on July 11, 2023. With this report, you can stay up to date with all newly released vulnerabilities and the recommended steps to take to avoid getting affected by it. You can also share this post and contribute to making the digital world securer and protected. If you want to have more regular posts on topics like these, please visit our website thesecmaster.com and follow us on our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, and Medium, and subscribe to our content.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Report

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe