Advisory June 12, 2023

Fortinet Patches pre-auth RCE, Update your Fortigate Firewalls’ FOrtiOS for CVE-2023-27997

The Obrela SOC Team

Fortinet has released several versions of FortiOS, the OS/firmware powering its Fortigate firewalls and other devices, without mentioning that they include a fix for CVE-2023-27997, a remote code execution (RCE) flaw that does not require the attacker to be logged in to exploit it and neither the target organization is protected by MFA mechanisms

Fortinet has yet to publish an advisory for the flaw, but French cybersecurity company Olympe Cyberdefense reported that an advisory is expected to become public on June 13.

The company said the security hole impacts the SSL VPN functionality of FortiGate firewalls, allowing an attacker to “interfere via the VPN”.

The vulnerability has been fixed in FortiOS versions 7.2.5, 7.0.12, 6.4.13, 6.2.15 and, apparently also in v6.0.17 (even though Fortinet officially stopped supporting the 6.0 branch last year).

Enterprise admins are advised to upgrade Fortigate devices as soon as possible – if the vulnerability is not already being exploited by attackers, it’s likely that it will soon be.

References:

https://www.securityweek.com/fortinet-patches-critical-fortigate-ssl-vpn-vulnerability/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27997

https://www.thestack.technology/fortinet-vulnerability-vpn-cve-2023-27997/