September 29, 2023

Researchers issued a warning that thousands of Fortinet firewalls remain vulnerable to attack because they weren’t patched following the disclosure of a critical vulnerability in June.

The vulnerability, designated as CVE-2023-27997, is a heap overflow issue found in FortiOS, the operating system that powers FortiGate firewalls. The vulnerability, which is ranked as 9.8 Critical, allows an attacker to undertake remote code execution and potentially run arbitrary code on a vulnerable system.

The vulnerability affects the system’s secure sockets layer virtual private network interfaces. Researchers estimate that about 490,000 are exposed on the internet. Although Fortinet has released a patch, about 69% remain unpatched, leaving them vulnerable to potential exploits.

Researchers developed an PoC exploit that involves remotely executing code that compromises the target system, allowing it to connect back to a server controlled by an attacker. Once a connection is established, the exploit downloads a binary and opens an interactive shell on the target device.

The researchers recommended all Fortinet FortiGate firewall users to install the patch as soon as possible. This was documented by researchers from Bishop Fox

Tags:

Leave a Reply

You may have missed

Google fixes fifth Zeroday bug in Chrome

September 28, 2023

OpenSea NFT suffers a Breach

September 28, 2023

WordPress Simple Membership Plugin Vulnerabilities

September 28, 2023

Jetbrains TeamCity RCE Vulnerability

September 27, 2023

Heap Buffer Overflow Bug in libwebp Library -CVE-2023-5129

September 27, 2023 2

Symantec Collaborates with Google Cloud Security AI

September 27, 2023 2
%d bloggers like this: