Fortinet Patches Stack Buffer Overflow in FortiOS, FortiProxy, and FortiPAM
Fortinet has released security updates for a critical stack buffer overflow vulnerability affecting FortiOS, FortiProxy, and FortiPAM, which could allow arbitrary code execution.

Fortinet has issued a security advisory detailing a critical stack-based buffer overflow vulnerability (CWE-121) that impacts several of its key products: FortiOS, FortiProxy, and FortiPAM. This flaw, if successfully exploited, could permit a privileged and authenticated attacker to execute arbitrary code or commands on the affected systems.
The vulnerability arises from the way the affected products handle log reporting. An attacker who has already gained privileged access and can bypass standard stack protection mechanisms and Address Space Layout Randomization (ASLR) can exploit this flaw. The exploit involves sending specially crafted HTTP requests to the vulnerable systems. Successful exploitation could lead to a complete compromise of the affected device, allowing an attacker to run malicious code with elevated privileges.
Fortinet has provided specific version information for the affected products. For FortiOS, versions 7.4.0 through 7.4.1 are vulnerable, with a recommendation to upgrade to 7.4.2 or later. All versions of FortiOS 7.2 are also affected and require migration to a fixed release. In the FortiPAM product line, versions 1.8.0 through 1.8.2 are vulnerable, with an upgrade to 1.8.3 or above recommended. All versions of FortiPAM 1.7, 1.6, 1.5, 1.4, 1.3, 1.2, 1.1, and 1.0 are also impacted and require migration to a fixed release.
For FortiProxy, versions 7.4.0 through 7.4.13 are susceptible to this vulnerability, and users are advised to upgrade to 7.4.14 or a later version. Similar to FortiOS and FortiPAM, all versions of FortiProxy 7.2 are affected and require migration to a fixed release. Fortinet also notes that FortiOS 8.0 and 7.6, as well as FortiProxy 7.6 and FortiPAM 1.9, are not affected by this particular vulnerability.
To assist customers in managing their upgrades, Fortinet offers an upgrade tool accessible via their documentation portal. This tool helps users determine the correct upgrade path based on their current version and desired target release. Additionally, Fortinet has made a virtual patch available through its FortiWLM (FortiGuard Web Filtering) database update 26.062, named "FG-VD-10009513.0day." This virtual patch can provide immediate protection against exploitation while organizations plan and implement permanent fixes.
Fortinet has acknowledged the contributions of Vang3lis and Cyth from VARAS@IIE for responsibly reporting this vulnerability through their disclosure program. The company emphasizes its commitment to security and encourages researchers to report potential vulnerabilities to help maintain the integrity of its products.
This vulnerability underscores the ongoing risks associated with buffer overflow flaws, particularly in network-facing devices. The ability for a privileged attacker to execute arbitrary code highlights the importance of robust security configurations, regular patching, and layered security defenses. Organizations using affected Fortinet products should prioritize applying the available updates or implementing the virtual patch to mitigate the risk of exploitation.