Updated: June 21, 2023

Overview

A critical vulnerability (CVE-2023-27997, CVSSv3 Score: 9.2) has been found in the SSL VPN module in Fortinet devices in FortiOS and FortiProxy. The bug is a heap-based overflow bug which allows an attacker to execute arbitrary code or commands via specifically crafted requests. Fortinet has released updates for its FortiGate devices, addressing this bug and urges the FortiGate users to upgrade their FortiOS and FortiProxy firmware.

Impact

This is a bug in FortiOS and FortiProxy SSL VPN. An unauthenticated attacker can remotely gain access to run code or commands via specially crafted requests. There are no details of exploitation of this bug in the public. This vulnerability could be exploited to bypass the Multi-Factor Authentication to interfere with the VPN solutions.

Applicable Versions

At least: 

  • FortiOS-6K7K version 7.0.10 
  • FortiOS-6K7K version 7.0.5 
  • FortiOS-6K7K version 6.4.12 
  • FortiOS-6K7K version 6.4.10 
  • FortiOS-6K7K version 6.4.8 
  • FortiOS-6K7K version 6.4.6 
  • FortiOS-6K7K version 6.4.2 
  • FortiOS-6K7K version 6.2.9 through 6.2.13 
  • FortiOS-6K7K version 6.2.6 through 6.2.7 
  • FortiOS-6K7K version 6.2.4 
  • FortiOS-6K7K version 6.0.12 through 6.0.16 
  • FortiOS-6K7K version 6.0.10 

At least: 

  • FortiProxy version 7.2.0 through 7.2.3 
  • FortiProxy version 7.0.0 through 7.0.9 
  • FortiProxy version 2.0.0 through 2.0.12 
  • FortiProxy 1.2 all versions 
  • FortiProxy 1.1 all versions 

At least: 

  • FortiOS version 7.2.0 through 7.2.4 
  • FortiOS version 7.0.0 through 7.0.11 
  • FortiOS version 6.4.0 through 6.4.12 
  • FortiOS version 6.0.0 through 6.0.16 

Solutions or Updates: 

  • FortiOS-6K7K version 7.0.12 or above 
  • FortiOS-6K7K version 6.4.13 or above 
  • FortiOS-6K7K version 6.2.15 or above 
  • FortiOS-6K7K version 6.0.17 or above 
  • FortiProxy version 7.2.4 or above 
  • FortiProxy version 7.0.10 or above 
  • FortiProxy version 2.0.13 or above 
  • FortiOS version 7.4.0 or above 
  • FortiOS version 7.2.5 or above 
  • FortiOS version 7.0.12 or above 
  • FortiOS version 6.4.13 or above 
  • FortiOS version 6.2.14 or above 
  • FortiOS version 6.0.17 or above 

Best Practices

It is a recommended to immediately update the Fortinet devices with the latest available versions of firmware.

Netsurion Detection and Response

Netsurion has upgraded its Fortinet devices with the latest updates to fix security issues. Netsurion has included the detection of this vulnerability in its Vulnerability Management Software to detect the vulnerability. The customers who subscribe to Netsurion Vulnerability Management Software will be able to detect it.

References:

  1. https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-rce-flaw-in-fortigate-ssl-vpn-devices-patch-now/
  2. https://www.fortiguard.com/psirt/FG-IR-23-097
  3. https://olympecyberdefense.fr/1193-2/
  4. https://vulnera.com/newswire/fortinet-addresses-critical-rce-vulnerability-in-fortigate-ssl-vpn-devices/
  5. https://www.reddit.com/r/fortinet/comments/144icdu/comment/jnkx0xm/
Cybersecurity Updates
Latest Advisory Alerts

Palo Alto PAN-OS Command Injection Vulnerability

D-Link NAS Command Injection Vulnerability

VMware ESXi, Workstation, and Fusion Vulnerabilities

Latest Data Source Integrations

AWS Key Management Service (KMS)

Have I Been Pwned

SentinelOne

Latest Enhancements

Netsurion Open XDR Now Supports PCI DSS 4.0

Extended Data Source Integrations and Alerts Released for Essentials

Enriched Application Control in Open XDR 9.4