Fortinet recently patched a critical pre-authentication RCE flaw in its Fortigate firmware. The vulnerability only affected Fortigate firmware empowering SSL VPN devices. Given the exploitability of the flaw, it’s crucial for the relevant users to update their systems at the earliest.
Severe RCE Flaw Affected Fortinet Fortigate SSL VPN Devices
According to a recent advisory from CERT-NZ, Fortinet has patched a severe security issue in its FortiOS firmware for Fortigate SSL-VPN enabled devices.
As stated, the vulnerability, identified as CVE-2023-27997, allowed an unauthenticated, remote attacker to execute arbitrary codes and commands on the target system.
Although, not much information is yet available about the bug since Fortinet hasn’t released a public advisory about it until the time of writing this story. Nonetheless, the related security bulletins, including CERT-NZ’s advisory, confirm that the firm has patched the vulnerability with FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5.
The vulnerability first caught the attention of two security researchers, Charles Fol of Lexfo Security and Rioru. Following this discovery, the researchers contacted Fortinet, who patched the issue.
Like Fortinet, the researchers have also not shared many details about the matter, allowing (and urging) the users to patch their systems at the earliest. According to Fol, the vulnerability affects every SSL-VPN enabled Fortigate device, though it typically impacts these devices only and won’t presumably apply to other devices. This resonates with Beyond Machines’ report, highlighting that the vulnerability lets an adversary meddle with the VPN even with MFA enabled.
Shodan results indicate that nearly 250,000 Fortigate firewalls are online, hinting at the massive number of vulnerable devices existing globally.
Since the patches are now available, it’s crucial for Fortigate users, especially those with SSL-VPN enabled devices, to update their systems with the relevant firmware releases. Besides, those interested to hear more directly from Fortinet may keep an eye on Fortinet advisories to read the details about this flaw when available.
Let us know your thoughts in the comments.
