The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-001 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(172390);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/07");
script_cve_id("CVE-2023-25610");
script_xref(name:"IAVA", value:"2023-A-0125-S");
script_name(english:"Fortinet Fortigate - Heap buffer underflow in administrative interface (FG-IR-23-001)");
script_set_attribute(attribute:"synopsis", value:
"Fortinet Firewall is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a
vulnerability as referenced in the FG-IR-23-001 advisory.
- A buffer underwrite ('buffer underflow') vulnerability in FortiOS & FortiProxy administrative interface
may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS
on the GUI, via specifically crafted requests. Exploitation status: Fortinet is not aware of any
instance wherethis vulnerability was exploited in the wild. We continuously review and test the security
of our products, and this vulnerability was internally discovered within that frame. (CVE-2023-25610)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.fortiguard.com/psirt/FG-IR-23-001");
script_set_attribute(attribute:"solution", value:
"Upgrade to Fortigate version 6.2.13 / 6.4.12 / 7.0.10 / 7.2.4 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-25610");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/07");
script_set_attribute(attribute:"patch_publication_date", value:"2023/03/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fortinet:fortios");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Firewalls");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("fortinet_version.nbin");
script_require_keys("Host/Fortigate/model", "Host/Fortigate/version");
exit(0);
}
include('vcf.inc');
include('vcf_extras_fortios.inc');
var app_name = 'Fortigate';
var app_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Fortigate/version');
vcf::fortios::verify_product_and_model(product_name:app_name);
var constraints = [
{ 'min_version' : '6.0.0', 'max_version' : '6.0.16', 'fixed_display' : '6.2.13' },
{ 'min_version' : '6.2.0', 'fixed_version' : '6.2.13' },
{ 'min_version' : '6.4.0', 'fixed_version' : '6.4.12' },
{ 'min_version' : '7.0.0', 'fixed_version' : '7.0.10' },
{ 'min_version' : '7.2.0', 'fixed_version' : '7.2.4' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);