Fortinet Releases Urgent Firmware Updates to Address Critical SSL VPN Vulnerability
Fortinet, has taken swift action by releasing crucial firmware updates for their Fortigate devices. These updates address an undisclosed and critical pre-authentication remote code execution (RCE) vulnerability affecting SSL VPN devices. The security fixes, present in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5, were quietly made available on Friday.
While the release notes do not explicitly mention the nature of the updates, cybersecurity professionals and administrators have indicated that they address a critical SSL-VPN RCE vulnerability, which is expected to be publicly disclosed on June 13th, 2023. French cybersecurity firm Olympe Cyberdefense warned that the flaw could potentially allow malicious actors to exploit the VPN even if multi-factor authentication (MFA) is activated.
Additional information regarding the vulnerability came to light when Lexfo Security vulnerability researcher Charles Fol disclosed that the new FortiOS updates include a fix for a critical RCE vulnerability discovered by him and Rioru. This vulnerability, identified as CVE-2023-27997, is reachable pre-authentication and affects all SSL VPN appliances. Fol emphasized the urgency for Fortinet administrators to promptly apply the patch, as threat actors are likely to analyze and exploit the vulnerability soon.
#Fortinet published a patch for CVE-2023-27997, the Remote Code Execution vulnerability @DDXhunter and I reported. This is reachable pre-authentication, on every SSL VPN appliance. Patch your #Fortigate. Details at a later time. #xortigate
— Charles Fol (@cfreal_) June 11, 2023
See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses
Fortinet devices, widely deployed as firewall and VPN devices, are a favored target for cyberattacks. A Shodan search revealed that over 250,000 Fortigate firewalls are accessible from the Internet, leaving a significant portion potentially exposed to this bug. Past instances have shown that SSL-VPN vulnerabilities are exploited by threat actors shortly after patches are released, often used as an entry point for data theft and ransomware attacks.
Given the severity of the situation, it is crucial for administrators to diligently apply the Fortinet security updates as soon as they are made available.
Trending: Offensive Security Tool: Pypykatz
BleepingComputer reached out to Fortinet for further information on the updates and received a statement from Fortinet in response to inquiries about whether the bug had been exploited. The company emphasized the importance of timely and ongoing communication with customers, stating that confidential advance customer communications aim to provide early warning advisories to strengthen their security posture before public disclosure. Fortinet follows responsible disclosure practices to ensure customers receive timely information to make informed risk-based decisions. For more information on Fortinet’s responsible disclosure process, visit the Fortinet Product Security Incident Response Team (PSIRT) page: [https://www.fortiguard.com/psirt_policy].
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: [email protected]
Source: bleepingcomputer.com