Fortinet warns of new critical unauthenticated RCE vulnerability
Fortinet has disclosed a critical vulnerability in FortiOS and FortiProxy that allows an unauthenticated attacker to execute arbitrary code or cause a denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests. The vulnerability is tracked as CVE-2023-25610 and has a CVSS v3 score of 9.3, rating it critical. As a workaround, Fortinet suggests disabling the HTTP/HTTPS administrative interface or limiting the IP addresses that can access it remotely. Device models not listed in the advisory are vulnerable to both issues, so administrators should apply the available security updates as soon as possible.

CVEs: CVE-2023-25610

[View Article](https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-unauthenticated-rce-vulnerability/)