CVE-2023-25610: 
FortiOS vulnerability analysis and mitigation

A critical buffer underwrite vulnerability (CVE-2023-25610) was discovered in the administrative interface of multiple Fortinet products, including FortiOS, FortiManager, FortiAnalyzer, FortiWeb, FortiProxy, and FortiSwitchManager. The vulnerability was internally discovered by Fortinet and disclosed on March 7, 2023. This vulnerability affects multiple versions of these products, with FortiOS versions ranging from 5.x through 7.2.3 being impacted (Fortinet PSIRT).

The vulnerability is a buffer underwrite ('buffer underflow') in the administrative interface that occurs when a program writes data to a buffer with a size smaller than the data being written, potentially overwriting adjacent memory locations. The vulnerability has been assigned a CVSS v3.1 score of 9.8 (Critical), indicating its severe nature (NVD, Wiz Blog).

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on affected devices and/or perform a denial-of-service (DoS) attack on the GUI via specifically crafted requests. Some hardware devices are only impacted by the DoS aspect and not the arbitrary code execution capability (Fortinet PSIRT, Arctic Wolf).

Fortinet has released patches for all affected products and recommends upgrading to the latest versions. For FortiOS, users should upgrade to versions 7.4.0, 7.2.4, 7.0.10, 6.4.12, or 6.2.13 or above. Alternative workarounds include disabling the HTTP/HTTPS administrative interface or limiting IP addresses that can reach the administrative interface through specific firewall configurations (Fortinet PSIRT).