September 29, 2023

Researchers issued a warning that thousands of Fortinet firewalls remain vulnerable to attack because they weren’t patched following the disclosure of a critical vulnerability in June.

The vulnerability, designated as CVE-2023-27997, is a heap overflow issue found in FortiOS, the operating system that powers FortiGate firewalls. The vulnerability, which is ranked as 9.8 Critical, allows an attacker to undertake remote code execution and potentially run arbitrary code on a vulnerable system.

The vulnerability affects the system’s secure sockets layer virtual private network interfaces. Researchers estimate that about 490,000 are exposed on the internet. Although Fortinet has released a patch, about 69% remain unpatched, leaving them vulnerable to potential exploits.

Researchers developed an PoC exploit that involves remotely executing code that compromises the target system, allowing it to connect back to a server controlled by an attacker. Once a connection is established, the exploit downloads a binary and opens an interactive shell on the target device.

The researchers recommended all Fortinet FortiGate firewall users to install the patch as soon as possible. This was documented by researchers from Bishop Fox

Leave a Reply

%d bloggers like this: