September 29, 2023

Fortinet has released patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls.

An attacker can exploit the vulnerability to achieve remote code execution on vulnerable network equipment. The issue is reachable pre-authentication and impacts every SSL VPN appliance.

The flaw has not been publicly disclosed and is scheduled to be made public on June 13, 2023. The vulnerability has been patched in versions 6.2.15, 6.4.13, 7.0.12, and 7.2.5.

Below is the statement shared by the vendor with media outlets:

Timely and ongoing communications with our customers are a key component in our efforts to best protect and secure their organization. There are instances where confidential advance customer communications can include early warning on Advisories to enable customers to further strengthen their security posture prior to the advisory being publicly released to a broader audience. This process follows best practices for responsible disclosure to ensure our customers have the timely information they need to help them make informed risk-based decisions.

Fortinet Statement

For more on Fortinet’s responsible disclosure process, visit the Fortinet Product Security Incident Response Team (PSIRT) page:
