A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.
Disable HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode.
Example with custom-deep-inspection profile:
config firewall ssl-ssh-profile
set supported-alpn http1-1
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.10
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.9
Products NOT affected:
FortiOS 6.4 all versions
FortiOS 6.2 all versions
FortiOS 6.0 all versions
FortiProxy 2.x all versions
FortiProxy 1.x all versions
Please upgrade to FortiOS version 7.4.0 or above
Please upgrade to FortiOS version 7.2.4 or above
Please upgrade to FortiOS version 7.0.11 or above
Please upgrade to FortiProxy version 7.4.0 or above
Please upgrade to FortiProxy version 7.2.3 or above
Please upgrade to FortiProxy version 7.0.10 or above
AcknowledgementThis issue was resolved in a previous release as a bug without a corresponding PSIRT Advisory. Fortinet would like to thank Watchtowr for sharing this omission.
2023-07-11: Initial publication