Fortinet has patched a critical flaw in its Fortigate devices, with admins urged to apply firmware updates as a matter of urgency.
The flaw is a critical pre-authentication remote code execution (RCE) vulnerability in Fortinet’s SSL VPN appliances that’s tagged as CVE-2023-27997. It was identified by Lexfo Security researchers Charles Fol and Dany Bach (rioru).
Fortinet Patches Critical FortiGate
CVE-2023-27997 is a critical security vulnerability that allows remote code execution, potentially granting attackers unauthorized access to vulnerable systems.
Fortinet has recently issued Fortigate firmware updates to fix an undisclosed, critical vulnerability in SSL VPN products. The vulnerability poses a significant risk of pre-authentication remote code execution(RCE) attacks.
The remote code execution vulnerability, according to French cybersecurity firm Olympe Cyberdefense, could allow a threat actor to interfere with the VPN even if multi-factor authentication (MFA) is enabled. The firm has also mentioned that all versions are likely affected, pending confirmation with the release of CVE, which is scheduled for June 13, 2023.
Fortinet has now released firmware fixes in FortiOS versions.
Users are strongly advised to update their systems to the following versions:
- FortiOS 7.2.5
- FortiOS 7.0.12
- FortiOS 6.4.13
- FortiOS 6.2.15
- FortiOS 6.0.17
Previous SSL-VPN flaws have been exploited by threat actors shortly after patches were released, enabling data theft and ransomware attacks.
Update FortiOS: If you are using any of the affected versions, promptly upgrade to the patched versions mentioned above. This will help protect against potential exploitation of the CVE-2023-27997 vulnerability.
Administrators must apply Fortinet security updates as soon as they become available.