CVE-2023-33308 - Critical Remote Code Execution (RCE) on FortiOS-FortiProxy - #CVE-2023-33308
Fortinet recently disclosed a critical vulnerability in different versions of FortiOS and FortiProxy that allows remote code execution. The flaw, tracked as CVE-2023-33308, arises from a stack-based buffer overflow and can be exploited by sending crafted packets to affected proxy or firewall policies. Fortinet has released security updates for FortiOS versions 7.2 and 7.0 as well as FortiProxy versions 7.2 and 7.0 to address this issue. Administrators are advised to apply the updates as soon as possible to prevent exploitation. Threat actors frequently target Fortinet products to gain access to networks, so patching this vulnerability should be a top priority.