Fortinet has released several patches to address a critical security vulnerability in its FortiGate firewalls and FortiProxy SSL-VPN that would allow a threat actor to achieve remote code execution via a heap-based buffer overflow.
The vulnerability, tracked as CVE-2023-27997, is a heap-based buffer overflow in the SSL-VPN component of FortiOS and FortiProxy. By sending specially crafted requests to a vulnerable device, an attacker could execute arbitrary code on it. The flaw is reachable pre-authentication.
All versions are affected. The following security fixes were released on Friday 09 June 2023:
· FortiOS-6K7K version 7.0.12 or above.
· FortiOS-6K7K version 6.4.13 or above.
· FortiOS-6K7K version 6.2.15 or above.
· FortiOS-6K7K version 6.0.17 or above.
· FortiProxy version 7.2.4 or above.
· FortiProxy version 7.0.10 or above.
· FortiProxy version 2.0.13 or above.
· FortiOS version 7.4.0 or above.
· FortiOS version 7.2.5 or above.
· FortiOS version 7.0.12 or above.
· FortiOS version 6.4.13 or above.
· FortiOS version 6.2.14 or above.
· FortiOS version 6.0.17 or above.
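The fixed builds above are per release branch, so a device is only safe when it is at or above the fix for its own major.minor line (FortiOS 7.0.11 is still vulnerable even though it is numerically above 6.4.13). The following Python triage helper, an added example rather than code from Fortinet or from this advisory's author, encodes the list above and classifies a constructed sample inventory; the product-family names and hostnames are assumptions for illustration, and a branch with no fixed build listed is flagged for vendor follow-up rather than marked safe, since the advisory states all versions are affected.

```python
from typing import Dict, List, Tuple

# Fixed versions copied from the advisory list above, keyed by product family.
# The family names used as keys are an assumption for this example.
FIXED_VERSIONS: Dict[str, List[str]] = {
    "FortiOS": ["7.4.0", "7.2.5", "7.0.12", "6.4.13", "6.2.14", "6.0.17"],
    "FortiOS-6K7K": ["7.0.12", "6.4.13", "6.2.15", "6.0.17"],
    "FortiProxy": ["7.2.4", "7.0.10", "2.0.13"],
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn 'major.minor.patch' into a comparable integer tuple; reject junk."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def assess(product: str, version: str) -> str:
    """Classify one device as 'patched', 'vulnerable' or 'no-fix-listed'.

    The comparison is branch-aware: a 7.0.x device is judged only against
    the 7.0 fix, never against a numerically lower fix from another branch.
    """
    if product not in FIXED_VERSIONS:
        raise ValueError(f"unknown product family: {product!r}")
    installed = parse_version(version)
    for fixed in FIXED_VERSIONS[product]:
        fixed_t = parse_version(fixed)
        if fixed_t[:2] == installed[:2]:  # same major.minor branch
            return "patched" if installed >= fixed_t else "vulnerable"
    # No fixed build is listed for this branch (e.g. FortiOS-6K7K 7.2.x).
    # The advisory says all versions are affected, so flag it for vendor
    # follow-up instead of silently treating it as safe.
    return "no-fix-listed"


# Constructed sample inventory (hostname, product, version) for demonstration.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.11"),
    ("fw-edge-02", "FortiOS", "7.2.5"),
    ("fw-dc-chassis", "FortiOS-6K7K", "6.2.14"),
    ("proxy-01", "FortiProxy", "2.0.12"),
    ("fw-lab", "FortiOS-6K7K", "7.2.3"),
]


def devices_needing_action(inventory) -> List[Tuple[str, str]]:
    """Return (hostname, status) for every device not confirmed as patched."""
    results = []
    for host, product, version in inventory:
        status = assess(product, version)
        if status != "patched":
            results.append((host, status))
    return results


if __name__ == "__main__":
    for host, status in devices_needing_action(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Feed the function the (product, version) pairs from your own asset inventory; anything reported as `vulnerable` should be scheduled for the listed fix, and `no-fix-listed` entries should be checked against the current vendor advisory rather than assumed safe.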
The vulnerability has a CVSSv3 score of 9.2 out of 10, classing it as critical.
Administrators are advised to update devices as soon as possible. Fortinet has previously been known to push out security patches before disclosing the vulnerability, giving customers time to update devices before the patches are reverse engineered.
A Shodan search shows that over 250,000 FortiGate firewalls are publicly reachable over the internet, so the exposure level is critical.
A previous Fortinet vulnerability towards the end of last year affected FortiOS, FortiProxy and FortiSwitch Manager. That critical vulnerability, tracked as CVE-2022-40684, similarly allowed authentication to be bypassed using an alternate path or channel.
|ITC-TI analyst comment:|