Fortinet, a multinational cybersecurity firm, has released several versions of its FortiOS operating system (OS) without disclosing that they contain a fix for CVE-2023-27997, a critical vulnerability that enables remote code execution (RCE) and does not require the attacker to be logged in to exploit it. FortiOS is the firmware that powers the company’s Fortigate firewalls and other devices. The vulnerability appears to affect the SSL VPN functionality of Fortigate firewalls and allows attackers to interfere with VPN, even if multi-factor authentication (MFA) is enabled.
The affected versions of FortiOS include 7.2.5, 7.0.12, 6.4.13, 6.2.15, and, reportedly, v6.0.17. Although Fortinet officially ended support for the v6.0 branch last year, it appears that the company has included a fix for the vulnerability in this version of the firmware as well. Reports suggest that Fortinet will release more details on the vulnerability on June 13, 2023.
Lexfo security researcher Charles Fol and his colleague Dany Bach discovered the flaw and reported it to Fortinet. Fol notes that the vulnerability is reachable pre-authentication on every SSL VPN appliance and allows RCE. He has not provided any further details at this time. There is currently no information available on possible workarounds for the vulnerability.
Enterprise admins are advised to upgrade Fortigate devices to the latest patched version as soon as possible. If left unpatched, the vulnerability is likely to be exploited by attackers soon. Unfortunately, threat actors can compare the newer versions of the firmware with older ones to find out what the patch does. This information can then be used to develop a working exploit.
Fortigate firewalls have been a popular target for cybercriminals in the past, with several vulnerabilities discovered and exploited. Fortinet is also known for releasing critical fixes without mentioning specific vulnerabilities. Therefore, enterprise admins should move quickly to implement the patch in their systems.
If the available update does not show up in the device’s dashboard, it is recommended to reboot it. Manual download and installation of the patch may be required if the update does not appear after rebooting.
In conclusion, enterprise admins running Fortigate firewalls are advised to upgrade their systems as soon as possible to protect against the CVE-2023-27997 vulnerability. Although no detailed information is currently available on the nature of the flaw, reports suggest that it is a critical vulnerability that may allow for remote code execution. Unpatched systems are likely to be targeted by malicious actors soon, and admins should act swiftly to mitigate the risk.