THREAT LEVEL - HIGH

15-06-2023

New Critical Flaw in FortiOS and FortiProxy

Threat Level Description

Threat Level: High – An attack is highly likely. Additional and sustainable protective security measures reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.


Description

We have observed that a new critical vulnerability on FortiGate firewalls, has been identified.

An attacker, by exploiting this vulnerability, could achieve remote code execution on affected systems and gain remote access.

The vulnerability tracked as CVE-2023-27997, which is rated 9.8 out of 10 on CVSS v3 score, is a heap buffer overflow in SSL-VPN pre-authentication on FortiGate firewalls.

The buffer overflow flaw could allow a hostile agent to interfere via the VPN, even if the MFA is activated and potentially lead in the execution of arbitrary code on affected devices.


CVE(s)

CVE-2023-27997

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.


Affected Systems

  • FortiOS version 7.2.4 and below
  • FortiOS version 7.0.11 and below
  • FortiOS version 6.4.12 and below
  • FortiOS version 6.0.16 and below
  • FortiProxy version 7.2.3 and below
  • FortiProxy version 7.0.9 and below
  • FortiProxy version 2.0.12 and below
  • FortiProxy version 1.2 all versions
  • FortiProxy version 1.1 all versions


Recommendation(s)

You should proceed and apply all security patches provided by the vendor.

You should understand the importance of security updates, and the urgency with which they should be applied, no matter how large or small your organization is. It is very important to apply an efficient patch management solution and always have enabled an active event security logging and practice event monitoring. To protect the valuable assets of your business and be compliant with the relevant industry regulations requires a comprehensive approach to the management of risk, including Penetration Testing at least annually and upon significant changes.


References

https://thehackernews.com/2023/06/critical-rce-flaw-discovered-in.html

https://www.fortinet.com/blog/psirt-blogs/analysis-of-cve-2023-27997-and-clarifications-on-volt-typhoon-campaign

https://nvd.nist.gov/vuln/detail/CVE-2023-27997

SIGN UP

Get the latest Threat Alerts in your inbox.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). By completing this form, you consent to the collection and processing of your personal data for the purpose of processing your inquiry. Your data will be handled securely and will not be shared with third parties without your explicit consent. You have the right to access, rectify, or delete your personal data at any time by contacting us at [email protected]. For more information on how we handle your data, please refer to our Privacy Notice