CVE-2023-33308 – A critical stack-based buffer overflow vulnerab... (How to Fix)

Q: What is the severity of CVE-2023-33308?

CVE-2023-33308 has a CVSS score of 9.8 (CRITICAL). A critical stack-based buffer overflow vulnerability in Fortinet FortiOS and FortiProxy allows remote unauthenticated attackers to execute arbitrary code via specially crafted packets. This affects systems with proxy policies or firewall policies in proxy mode alongside deep/full packet inspection. Organizations running affected versions of FortiOS 7.0.0-7.0.10 or 7.2.0-7.2.3, or FortiProxy 7.0.0-7.0.9 or 7.2.0-7.2.2 are vulnerable.

📋 TL;DR

A critical stack-based buffer overflow vulnerability in Fortinet FortiOS and FortiProxy allows remote unauthenticated attackers to execute arbitrary code via specially crafted packets. This affects systems with proxy policies or firewall policies in proxy mode alongside deep/full packet inspection. Organizations running affected versions of FortiOS 7.0.0-7.0.10 or 7.2.0-7.2.3, or FortiProxy 7.0.0-7.0.9 or 7.2.0-7.2.2 are vulnerable.

💻 Affected Systems

Products:

Fortinet FortiOS
Fortinet FortiProxy

Versions: FortiOS 7.0.0-7.0.10 and 7.2.0-7.2.3; FortiProxy 7.0.0-7.0.9 and 7.2.0-7.2.2

Operating Systems: FortiOS (proprietary), FortiProxy (proprietary)

Default Config Vulnerable: ⚠️ Yes

Notes: Requires proxy policies or firewall policies with proxy mode alongside deep/full packet inspection enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with remote code execution leading to data exfiltration, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Remote code execution allowing attacker to pivot to internal networks, steal credentials, or deploy malware.

🟢

If Mitigated

Denial of service or limited impact if exploit fails due to security controls like ASLR or DEP.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation makes internet-facing devices prime targets.

🏢 Internal Only: MEDIUM - Internal attackers could exploit if they reach vulnerable systems, but requires network access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

CVSS 9.8 indicates trivial exploitation with high impact. Remote unauthenticated access makes weaponization likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiOS 7.0.11 or 7.2.4; FortiProxy 7.0.10 or 7.2.3

Vendor Advisory: https://fortiguard.com/psirt/FG-IR-23-183

Restart Required: Yes

Instructions:

1. Backup configuration. 2. Download patched firmware from Fortinet support portal. 3. Upload firmware to device via GUI or CLI. 4. Install update. 5. Reboot device. 6. Verify version.

🔧 Temporary Workarounds

Disable vulnerable features

all

Temporarily disable proxy policies or firewall policies with proxy mode alongside deep/full packet inspection.

config firewall policy
edit <policy_id>
set inspection-mode flow
next
end

🧯 If You Can't Patch

Isolate affected devices from internet and restrict internal access using network segmentation.
Implement strict firewall rules to limit traffic to only trusted sources and monitor for exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check FortiOS/FortiProxy version via GUI (System > Dashboard) or CLI (get system status). Compare against affected versions.

Check Version:

get system status | grep Version

Verify Fix Applied:

Confirm version is FortiOS 7.0.11+, 7.2.4+ or FortiProxy 7.0.10+, 7.2.3+.

📡 Detection & Monitoring

Log Indicators:

Unexpected process execution, memory corruption logs, or crash dumps in system logs.

Network Indicators:

Unusual outbound connections from Fortinet devices, anomalous packet patterns to proxy/firewall services.

SIEM Query:

source="fortinet" AND (event_type="crash" OR event_type="buffer_overflow" OR process_execution="unexpected")

📊 Metadata

CVE ID: CVE-2023-33308

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: July 26, 2023

Last Updated: November 21, 2024

🔗 References

https://fortiguard.com/psirt/FG-IR-23-183 Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-183 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-33308, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fortios by Fortinet

Fortios by Fortinet

Fortiproxy by Fortinet

Fortiproxy by Fortinet

Fortiproxy by Fortinet

Fortiproxy by Fortinet

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable vulnerable features

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities