12th June 2023 (Updated 13th June 2023)
Fortinet Critical Pre-Authentication RCE Vulnerability
Fortinet has released patches for a ‘pre-authentication’ remote code execution vulnerability in Fortigate SSL-VPN. Fortinet’s bulletin is now available.
CVE-2023-27997 (CVSS 3.1: 9.2 – Critical) is a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN. The researchers at Lexfo Securite discovered the vulnerability and announced it on Twitter.
The vulnerability allows a “hostile agent to interfere via the VPN, even if MFA is enabled.” per Olympe CyberDefense.
The following is confirmed by Fortinet:
Affected Products
- FortiOS-6K7K versions:
- < 7.0.12
- < 6.4.13
- < 6.2.15
- < 6.0.17
- FortiProxy versions:
- < 7.2.4
- < 7.0.10
- FortiOS versions:
- < 7.4.0
- < 7.2.5
- < 7.0.12
- < 6.4.13
- < 6.2.14
- < 6.0.17
Recommendations
Our recommendation in this case is to patch immediately. Fortinet rushed to released patches for this vulnerability, showing its criticality.