HomeCII/OTFortinet addresses pre-auth RCE vulnerability in Fortigate firewalls - Urgent update required...

Fortinet addresses pre-auth RCE vulnerability in Fortigate firewalls – Urgent update required (CVE-2023-27997)

Published on

spot_img

Fortinet, a multinational cybersecurity firm, has released several versions of its FortiOS operating system (OS) without disclosing that they contain a fix for CVE-2023-27997, a critical vulnerability that enables remote code execution (RCE) and does not require the attacker to be logged in to exploit it. FortiOS is the firmware that powers the company’s Fortigate firewalls and other devices. The vulnerability appears to affect the SSL VPN functionality of Fortigate firewalls and allows attackers to interfere with VPN, even if multi-factor authentication (MFA) is enabled.

The affected versions of FortiOS include 7.2.5, 7.0.12, 6.4.13, 6.2.15, and, reportedly, v6.0.17. Although Fortinet officially ended support for the v6.0 branch last year, it appears that the company has included a fix for the vulnerability in this version of the firmware as well. Reports suggest that Fortinet will release more details on the vulnerability on June 13, 2023.

Lexfo security researcher Charles Fol and his colleague Dany Bach discovered the flaw and reported it to Fortinet. Fol notes that the vulnerability is reachable pre-authentication on every SSL VPN appliance and allows RCE. He has not provided any further details at this time. There is currently no information available on possible workarounds for the vulnerability.

Enterprise admins are advised to upgrade Fortigate devices to the latest patched version as soon as possible. If left unpatched, the vulnerability is likely to be exploited by attackers soon. Unfortunately, threat actors can compare the newer versions of the firmware with older ones to find out what the patch does. This information can then be used to develop a working exploit.

Fortigate firewalls have been a popular target for cybercriminals in the past, with several vulnerabilities discovered and exploited. Fortinet is also known for releasing critical fixes without mentioning specific vulnerabilities. Therefore, enterprise admins should move quickly to implement the patch in their systems.

If the available update does not show up in the device’s dashboard, it is recommended to reboot it. Manual download and installation of the patch may be required if the update does not appear after rebooting.

In conclusion, enterprise admins running Fortigate firewalls are advised to upgrade their systems as soon as possible to protect against the CVE-2023-27997 vulnerability. Although no detailed information is currently available on the nature of the flaw, reports suggest that it is a critical vulnerability that may allow for remote code execution. Unpatched systems are likely to be targeted by malicious actors soon, and admins should act swiftly to mitigate the risk.

Source link

Latest articles

Jurassic Park, Cybersecurity, and the Perilous Illusion of Control

Resilience has become a pivotal concern for businesses today, evolving beyond mere compliance to...

Hacker Extradited from Ukraine Admits Guilt in Ryuk Ransomware Case

Armenian Extradited from Ukraine Pleads Guilty in Connection with Ryuk Ransomware Operations In a significant...

CISA Issues Warning About Exploited File Upload Vulnerabilities in iCagenda and Balbooa Forms

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited...

Can AI Bridge the Gap in Cybersecurity Inequality?

In the rapidly evolving landscape of artificial intelligence (AI) and cybersecurity, the integration of...

More like this

Jurassic Park, Cybersecurity, and the Perilous Illusion of Control

Resilience has become a pivotal concern for businesses today, evolving beyond mere compliance to...

Hacker Extradited from Ukraine Admits Guilt in Ryuk Ransomware Case

Armenian Extradited from Ukraine Pleads Guilty in Connection with Ryuk Ransomware Operations In a significant...

CISA Issues Warning About Exploited File Upload Vulnerabilities in iCagenda and Balbooa Forms

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited...