Updated: June 21, 2023
Overview
A critical vulnerability (CVE-2023-27997, CVSSv3 Score: 9.2) has been found in the SSL VPN module in Fortinet devices in FortiOS and FortiProxy. The bug is a heap-based overflow bug which allows an attacker to execute arbitrary code or commands via specifically crafted requests. Fortinet has released updates for its FortiGate devices, addressing this bug and urges the FortiGate users to upgrade their FortiOS and FortiProxy firmware.
Impact
This is a bug in FortiOS and FortiProxy SSL VPN. An unauthenticated attacker can remotely gain access to run code or commands via specially crafted requests. There are no details of exploitation of this bug in the public. This vulnerability could be exploited to bypass the Multi-Factor Authentication to interfere with the VPN solutions.
Applicable Versions
At least:
- FortiOS-6K7K version 7.0.10
- FortiOS-6K7K version 7.0.5
- FortiOS-6K7K version 6.4.12
- FortiOS-6K7K version 6.4.10
- FortiOS-6K7K version 6.4.8
- FortiOS-6K7K version 6.4.6
- FortiOS-6K7K version 6.4.2
- FortiOS-6K7K version 6.2.9 through 6.2.13
- FortiOS-6K7K version 6.2.6 through 6.2.7
- FortiOS-6K7K version 6.2.4
- FortiOS-6K7K version 6.0.12 through 6.0.16
- FortiOS-6K7K version 6.0.10
At least:
- FortiProxy version 7.2.0 through 7.2.3
- FortiProxy version 7.0.0 through 7.0.9
- FortiProxy version 2.0.0 through 2.0.12
- FortiProxy 1.2 all versions
- FortiProxy 1.1 all versions
At least:
- FortiOS version 7.2.0 through 7.2.4
- FortiOS version 7.0.0 through 7.0.11
- FortiOS version 6.4.0 through 6.4.12
- FortiOS version 6.0.0 through 6.0.16
Solutions or Updates:
- FortiOS-6K7K version 7.0.12 or above
- FortiOS-6K7K version 6.4.13 or above
- FortiOS-6K7K version 6.2.15 or above
- FortiOS-6K7K version 6.0.17 or above
- FortiProxy version 7.2.4 or above
- FortiProxy version 7.0.10 or above
- FortiProxy version 2.0.13 or above
- FortiOS version 7.4.0 or above
- FortiOS version 7.2.5 or above
- FortiOS version 7.0.12 or above
- FortiOS version 6.4.13 or above
- FortiOS version 6.2.14 or above
- FortiOS version 6.0.17 or above
Best Practices
It is a recommended to immediately update the Fortinet devices with the latest available versions of firmware.
Netsurion Detection and Response
Netsurion has upgraded its Fortinet devices with the latest updates to fix security issues. Netsurion has included the detection of this vulnerability in its Vulnerability Management Software to detect the vulnerability. The customers who subscribe to Netsurion Vulnerability Management Software will be able to detect it.
References:
- https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-rce-flaw-in-fortigate-ssl-vpn-devices-patch-now/
- https://www.fortiguard.com/psirt/FG-IR-23-097
- https://olympecyberdefense.fr/1193-2/
- https://vulnera.com/newswire/fortinet-addresses-critical-rce-vulnerability-in-fortigate-ssl-vpn-devices/
- https://www.reddit.com/r/fortinet/comments/144icdu/comment/jnkx0xm/