What is CVE-2023-33308?

A critical vulnerability, CVE-2023-33308, has been identified in certain versions of Fortinet FortiOS and FortiProxy software. This stack-based overflow vulnerability allows remote attackers to execute arbitrary code or commands via crafted packets, potentially compromising the security of affected systems.

Who is impacted by CVE-2023-33308?

Specifically, those using FortiOS versions 7.0.0 to 7.0.10 and 7.2.0 to 7.2.3, as well as FortiProxy versions 7.0.0 to 7.0.9 and 7.2.0 to 7.2.2 are at r

What to do if CVE-2023-33308 affected you

If you're affected by the CVE-2023-33308 vulnerability, it's important to take action to secure your systems. First, disable HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode. Then, upgrade your FortiOS or FortiProxy software to a version that addresses the vulnerability. Follow these steps:

1. Upgrade to FortiOS version 7.4.0 or above, 7.2.4 or above, or 7.0.11 or above

2. Upgrade to FortiProxy version 7.4.0 or above, 7.2.3 or above, or 7.0.10 or above

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-33308 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, found in FortiOS and FortiProxy software, allows remote attackers to execute unauthorized code or commands through specially crafted packets, potentially compromising the security of affected systems. It was published on July 26, 2023, and no specific due date or required action is mentioned in the sources provided.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-121, a stack-based buffer overflow issue in Fortinet FortiOS and FortiProxy software.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below:

• PSIRT | FortiGuard Labs