Fortinet Patches Critical FortiGate SSL VPN Vulnerability

Home/Exploitation, Internet Security, Security Advisory, Security Update, Tips, vulnerability/Fortinet Patches Critical FortiGate SSL VPN Vulnerability

Fortinet Patches Critical FortiGate SSL VPN Vulnerability

Fortinet has patched a critical flaw in its Fortigate devices, with admins urged to apply firmware updates as a matter of urgency. 

The flaw is a critical pre-authentication remote code execution (RCE) vulnerability in Fortinet’s SSL VPN appliances that’s tagged as CVE-2023-27997. It was identified by Lexfo Security researchers Charles Fol and Dany Bach (rioru).

Fortinet Patches Critical FortiGate

CVE-2023-27997 is a critical security vulnerability that allows remote code execution, potentially granting attackers unauthorized access to vulnerable systems. 

Fortinet has recently issued Fortigate firmware updates to fix an undisclosed, critical vulnerability in SSL VPN products. The vulnerability poses a significant risk of pre-authentication remote code execution(RCE) attacks.

The remote code execution vulnerability, according to French cybersecurity firm Olympe Cyberdefense, could allow a threat actor to interfere with the VPN even if multi-factor authentication (MFA) is enabled. The firm has also mentioned that all versions are likely affected, pending confirmation with the release of CVE, which is scheduled for June 13, 2023

Fortinet has now released firmware fixes in FortiOS versions.

Users are strongly advised to update their systems to the following versions:

  1. FortiOS 7.2.5
  2. FortiOS 7.0.12
  3. FortiOS 6.4.13
  4. FortiOS 6.2.15
  5. FortiOS 6.0.17

Previous SSL-VPN flaws have been exploited by threat actors shortly after patches were released, enabling data theft and ransomware attacks.


Update FortiOS: If you are using any of the affected versions, promptly upgrade to the patched versions mentioned above. This will help protect against potential exploitation of the CVE-2023-27997 vulnerability.

Administrators must apply Fortinet security updates as soon as they become available.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

By | 2023-06-14T18:29:12+05:30 June 12th, 2023|Exploitation, Internet Security, Security Advisory, Security Update, Tips, vulnerability|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!