Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.FORTIGATE_FG-IR-23-001.NASL
HistoryMar 09, 2023 - 12:00 a.m.

Fortinet Fortigate - Heap buffer underflow in administrative interface (FG-IR-23-001)

2023-03-0900:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
56
fortinet
fortigate
heap buffer underflow
remote attacker
arbitrary code execution
dos
gui
nessus
vulnerability scanner.
JSON

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-001 advisory.

  • A buffer underwrite (‘buffer underflow’) vulnerability in FortiOS & FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests. Exploitation status: Fortinet is not aware of any instance wherethis vulnerability was exploited in the wild. We continuously review and test the security of our products, and this vulnerability was internally discovered within that frame. (CVE-2023-25610)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(172390);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/07");

  script_cve_id("CVE-2023-25610");
  script_xref(name:"IAVA", value:"2023-A-0125-S");

  script_name(english:"Fortinet Fortigate - Heap buffer underflow in administrative interface (FG-IR-23-001)");

  script_set_attribute(attribute:"synopsis", value:
"Fortinet Firewall is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a
vulnerability as referenced in the FG-IR-23-001 advisory.

  - A buffer underwrite ('buffer underflow') vulnerability in FortiOS & FortiProxy administrative interface
    may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS
    on the GUI, via specifically crafted requests.  Exploitation status: Fortinet is not aware of any
    instance wherethis vulnerability was exploited in the wild. We continuously review and test the security
    of our products, and this vulnerability was internally discovered within that frame. (CVE-2023-25610)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.fortiguard.com/psirt/FG-IR-23-001");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Fortigate version 6.2.13 / 6.4.12 / 7.0.10 / 7.2.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-25610");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/03/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fortinet:fortios");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Firewalls");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("fortinet_version.nbin");
  script_require_keys("Host/Fortigate/model", "Host/Fortigate/version");

  exit(0);
}

include('vcf.inc');
include('vcf_extras_fortios.inc');

var app_name = 'Fortigate';
var app_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Fortigate/version');
vcf::fortios::verify_product_and_model(product_name:app_name);

var constraints = [
  { 'min_version' : '6.0.0', 'max_version' : '6.0.16', 'fixed_display' : '6.2.13' },
  { 'min_version' : '6.2.0', 'fixed_version' : '6.2.13' },
  { 'min_version' : '6.4.0', 'fixed_version' : '6.4.12' },
  { 'min_version' : '7.0.0', 'fixed_version' : '7.0.10' },
  { 'min_version' : '7.2.0', 'fixed_version' : '7.2.4' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
fortinetfortioscpe:/o:fortinet:fortios

Related

wizblog 1
cve 1
githubexploit 1
fortinet 1
prion 1
thn 2
ics 1
wizblog
wizblog
CVE-2023-25610 a critical RCE vulnerability in FortiOS: everything you need to know
2023-03-13 12:39:58
cve
cve
CVE-2023-25610
2023-03-08 13:58:12
githubexploit
githubexploit
Exploit for CVE-2023-25610
2023-06-17 06:57:28
fortinet
fortinet
Protect
2023-03-07 00:00:00
prion
prion
Buffer overflow
2023-03-07 00:00:00
thn
thn
New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access
2023-03-09 05:23:00
Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities
2023-03-14 06:01:00
ics
ics
Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices
2024-03-14 12:00:00
JSON
Related for FORTIGATE_FG-IR-23-001.NASL
wizblog1cve1githubexploit1fortinet1prion1thn2ics1