| Product and Affected Versions: FortiGate firewalls |
| Severity and CVE ID: CVE-2023-27997 |
| Vulnerability: Fortinet has addressed a critical security flaw in its FortiGate firewalls that could allow threat actors to achieve remote code execution. The vulnerability, currently identified as CVE-2023-27997, is reachable pre-authentication on every SSL VPN appliance. Details about the specific nature of the security flaw have not been disclosed, but Lexfo Security researchers Charles Fol and Dany Bach, who discovered and reported the vulnerability, have confirmed its criticality. |
| How the Attack Works: The exact details regarding the attack vector and exploitation techniques are currently undisclosed. Additional information regarding the vulnerability is expected to be released by Fortinet in the near future. |
| Remediations: Fortinet has released patches to address the critical security flaw in its FortiGate firewalls. Users are strongly advised to apply the patches as soon as they become available. The vulnerability can be mitigated by upgrading to the following versions: 6.2.15, 6.4.13, 7.0.12, and 7.2.5. Given the history of Fortinet flaws being exploited by threat actors, it is crucial for users to act promptly and apply the necessary fixes to minimize potential risks. |
| References: Lexfo Security researcher’s tweet regarding the vulnerability Olympe Cyberdefense’s independent alert Fortinet’s forthcoming advisory (awaiting release) |
