Warning: Remote code execution vulnerability discovered in all FortiGate devices running FortiOS with SSL-VPN enabled, Patch Immediately!
CVE-2023-27997 CVSS 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Sources
https://nvd.nist.gov/vuln/detail/CVE-2023-27997
Risks
An unauthenticated remote attacker could gain remote code execution capabilities on a vulnerable FortiOS appliance even if multi-factor authentication is enabled.
Previous similar SSL-VPN flaws in FortiOS were heavily exploited by Nation State actors and Cybercriminals in the past to gain a foothold in the network.
CVE-2023-27997 has a high impact on Confidentiality, Integrity, and availability. Immediate action is required!
Fortinet will publish more details on CVE-2023-27997 on the 13th of June, this advisory will be updated accordingly.
Description
Fortinet did not officially communicate about this vulnerability to give customers time to patch and take the necessary actions.
The attack vector is network and successful exploitation of the vulnerability allows an unauthenticated attacker to get RCE-access on the FortiOS appliance.
The exploit code for this vulnerability has not publicly been observed but some actors claim they have already an exploit to abuse this vulnerability.
It is extremely important to perform the following recommended actions as soon as possible!
Recommended Actions
The Centre for Cyber security Belgium strongly recommends system administrators to take the following actions:
- Update FortiOS to one of the following versions:
- 6.0.17
- 6.2.15
- 6.4.13
- 7.0.12
- 7.2.5
- Check the FortiOS logs for any malicious actions e.g., creation of a new user.
- Monitor the FortiOS device and its VPN connections closely to discover anomalies.
- Monitor your network traffic to discover any malicious traffic within your network.