Fortinet urges to patch a critical RCE flaw in Fortigate firewalls

Fortinet released security updates to fix a critical security flaw in its FortiGate firewalls that could lead to remote code execution.


Fortinet has released security patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls. An attacker can exploit the vulnerability to achieve remote code execution on vulnerable network equipment.

The vulnerability was reported to Fortinet by the researchers Charles Fol and DDXhunter from Lexfo Security. The researcher describes the issue as reachable pre-authentication, affecting every SSL VPN appliance.

Fortinet has yet to publish an official advisory; it plans to release one in the coming days.

Cybersecurity firm Olympe Cyberdefense has published an advisory on the vulnerability, highlighting that it is still not public at this stage. The flaw has been patched in versions 6.2.15, 6.4.13, 7.0.12, and 7.2.5.
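For defenders triaging a fleet, the fixed versions above can be turned into an inventory check. The script below is an added example, not code from the article or from Fortinet; it assumes FortiOS-style version strings such as "v7.0.11,build0489", treats a build on a listed branch as unpatched only when it is older than that branch's fixed release, and reports unlisted branches as unknown rather than guessing.

```python
import re
from typing import Optional, Tuple

# Fixed releases as reported in the article, keyed by major.minor branch.
FIXED_VERSIONS = {
    (6, 2): (6, 2, 15),
    (6, 4): (6, 4, 13),
    (7, 0): (7, 0, 12),
    (7, 2): (7, 2, 5),
}

# Accepts FortiOS-style strings such as "v7.0.11,build0489" (assumed format).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a version string, or None."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version_text: str) -> str:
    """Classify one build: 'patched', 'unpatched', 'unknown' or 'invalid'.

    Assumption: a build is unpatched when it is on a listed branch and older
    than that branch's fixed release; unlisted branches are not guessed at.
    """
    v = parse_version(version_text)
    if v is None:
        return "invalid"
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return "unknown"
    return "patched" if v >= fixed else "unpatched"


def triage(inventory: dict) -> dict:
    """Map host name -> assessment for a {host: version_string} inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; host names and builds are made up.
    sample = {"fw-edge-01": "v7.0.11,build0489", "fw-edge-02": "v7.0.12",
              "fw-dc-01": "6.4.12", "fw-lab-01": "v7.4.0"}
    for host, state in sorted(triage(sample).items()):
        print(f"{host}: {state}")
```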

“A new critical flaw, not made public at this stage, concerns Fortinet on its Fortigate firewalls, more specifically the SSL VPN functionalities.” reads the advisory. “The flaw would allow a hostile agent to interfere via the VPN, even if the MFA is activated.”

Below is the statement shared by the vendor with media outlets:

“Timely and ongoing communications with our customers is a key component in our efforts to best protect and secure their organization. There are instances where confidential advance customer communications can include early warning on Advisories to enable customers to further strengthen their security posture, prior to the Advisory being publicly released to a broader audience. This process follows best practices for responsible disclosure to ensure our customers have the timely information they need to help them make informed risk-based decisions. For more on Fortinet’s responsible disclosure process, visit the Fortinet Product Security Incident Response Team (PSIRT) page: https://www.fortiguard.com/psirt_policy.”

A search for Fortigate firewalls exposed online returns more than 250K installs worldwide, most of them in the US.


Pierluigi Paganini

(SecurityAffairs – hacking, RCE)
