A critical security flaw was identified on Sunday 11th June 2023 in Fortinet FortiGate firewalls that could potentially be exploited by threat actors to achieve remote code execution.
IMPORTANT UPDATE from Fortinet June 12th: https://www.fortiguard.com/psirt/FG-IR-23-097
This vulnerability, formally tracked as CVE-2023-27997, is reachable pre-authentication, on every SSL VPN appliance. In simple terms, this means an attacker could potentially execute arbitrary code on the system even without needing valid credentials. It is important to note that the details of this vulnerability are currently not fully disclosed, but Fortinet is expected to provide more information in the coming days.
The flaw could allow a malicious actor to interfere via the VPN, even if Multi-Factor Authentication (MFA) is activated. This poses a significant threat as it could potentially allow unauthorised individuals to gain access to sensitive information, manipulate data, or disrupt services.
In recent years, vulnerabilities in Fortinet firewalls have become a lucrative attack vector for cybercriminals. If exploited, this could lead to severe consequences including data breaches, operational disruptions, and potential reputational damage.
Fortinet has released patches to address this vulnerability in FortiGate versions 6.2.15, 6.4.13, 7.0.12, and 7.2.5. We strongly advise you to apply these patches immediately to mitigate any potential risks.
We understand that patch management can be complex and time-consuming. However, in this instance, the severity of the vulnerability makes prompt action essential.