Critical Security Update: Fortinet Releases Essential Patch for Fortigate Firewalls (CVE-2023-27997)

Fortinet recently addressed multiple versions of its FortiOS operating system, which powers Fortigate firewalls and other devices. This update includes a crucial fix for CVE-2023-27997, a remote code execution (RCE) vulnerability that can be exploited without the need for the attacker to have login credentials.

Fortinet has released updates for FortiOS versions 7.2.5, 7.0.12, 6.4.13, 6.2.15, and possibly 6.0.17 (even though official support for the 6.0 branch ended last year). It is highly recommended that enterprise administrators promptly upgrade their Fortigate devices. If this vulnerability is not already being exploited by threat actors, it is highly likely to be targeted in the near future.

Understanding CVE-2023-27997

The specific details of the vulnerability have not been publicly disclosed yet. However, Olympe Cyberdefense has announced that Fortinet will provide additional information about CVE-2023-27997 on June 13, 2023. Preliminary reports suggest that this critical vulnerability affects the SSL VPN functionality of Fortigate firewalls, enabling attackers to interfere with the VPN, even if multi-factor authentication (MFA) is activated.

Renowned security researcher Charles Fol, along with colleague Dany Bach, discovered and reported the flaw. They confirm that CVE-2023-27997 allows for pre-authentication remote code execution on any SSL VPN appliance. They will release further details about the vulnerability at a later time.

No workarounds have been identified at present.

Immediate Patching Required

Enterprise defenders should be aware that threat actors can compare the patched and unpatched versions of the operating system to analyze the fix and develop an exploit. Fortigate firewalls have been targeted by attackers in the past, and Fortinet has been known to release critical fixes without explicitly mentioning the vulnerabilities they address. Consequently, administrators must act swiftly to implement the patch without delay.

If the update does not appear in the device's dashboard, a simple reboot might make it visible. If not, manual download and installation are recommended.

Enhance the security of your network by promptly updating your Fortigate firewalls to safeguard against potential exploits and security breaches.

Tags: Fortinet, Fortigate, Network Security, Firewall, FortiOS, Operating System, Security, Cybersecurity, Alerturity