Fortinet Discloses Critical Flaw in FortiOS and FortiProxy

Fortinet has disclosed a critical stack-based buffer overflow vulnerability in its FortiOS and FortiProxy products. The flaw could be exploited to “allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.” Fortinet has made updates available to address the issue. If users are unable to update right away, Fortinet recommends “disable[ing] HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode.”

Ref: https://www.fortiguard.com/psirt/FG-IR-23-183