Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now

Update 6/11/23: Fortinet statement added below.

Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices.

The security fixes were released on Friday in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5.
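As an added illustration (not part of the original article), the following Python helper checks a FortiOS version string against the fixed releases listed above and flags devices that still need the update. The hostnames, version strings and build suffixes in the sample inventory are constructed, not real devices.

```python
import re

# Fixed FortiOS releases named in the article, keyed by release branch (major, minor).
FIXED_VERSIONS = {
    (6, 0): (6, 0, 17),
    (6, 2): (6, 2, 15),
    (6, 4): (6, 4, 13),
    (7, 0): (7, 0, 12),
    (7, 2): (7, 2, 5),
}

# Matches the leading version in strings such as "v7.0.11,build0000" or "7.2.4".
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_fortios_version(text):
    """Return (major, minor, patch) parsed from a FortiOS version string."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no FortiOS version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def patch_status(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string.

    'unknown' means the branch has no fixed build in the article's list; since the
    article reports that all versions are believed affected, treat it as needing
    review rather than as safe.
    """
    major, minor, patch = parse_fortios_version(text)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return "unknown"
    return "patched" if (major, minor, patch) >= fixed else "vulnerable"


# Constructed sample inventory (hypothetical hostnames; build suffixes are placeholders).
SAMPLE_INVENTORY = {
    "fw-branch-01": "v7.0.11,build0000",
    "fw-branch-02": "v7.2.5,build0000",
    "fw-dc-01": "v6.4.12,build0000",
    "fw-lab-01": "v7.4.0,build0000",
}


def triage(inventory):
    """Map each device to its patch status so 'vulnerable' ones can be scheduled first."""
    return {host: patch_status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```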

While not mentioned in the release notes, security professionals and admins have hinted that the updates quietly fixed a critical SSL-VPN RCE vulnerability that would be disclosed on Tuesday, June 13th, 2023.

“The flaw would allow a hostile agent to interfere via the VPN, even if the MFA is activated,” reads an advisory from French cybersecurity firm Olympe Cyberdefense.

“To date, all versions would be affected; we are waiting for the release of the CVE on June 13, 2023 to confirm this information.”

Fortinet is known to push out security patches prior to disclosing critical vulnerabilities to give customers time to update their devices before threat actors reverse engineer the patches.

Today, additional information was disclosed by Lexfo Security vulnerability researcher Charles Fol, who told BleepingComputer that the new FortiOS updates include a fix for a critical RCE vulnerability discovered by him and Rioru.

“Fortinet published a patch for CVE-2023-27997, the Remote Code Execution vulnerability @DDXhunter and I reported,” reads a tweet by Fol.

“This is reachable pre-authentication, on every SSL VPN appliance. Patch your Fortigate. Details at a later time. #xortigate.”

Charles Fol tweet

Fol confirmed to BleepingComputer that this should be considered an urgent patch for Fortinet admins, as the fix is likely to be quickly analyzed and the bug rediscovered by threat actors.

Fortinet devices are some of the most popular firewall and VPN devices on the market, making them a frequent target for attacks.

Per a Shodan search, over 250,000 Fortigate firewalls can be reached from the Internet, and as this bug affects all earlier versions, the majority of them are likely exposed.

In the past, SSL-VPN flaws have been exploited by threat actors just days after patches were released, commonly to gain initial access to networks for data theft and ransomware attacks.

Therefore, admins must apply Fortinet security updates as soon as they become available.

BleepingComputer has contacted Fortinet to learn more about the updates, but a reply was not immediately available.

Update 6/11/23 8:35 PM ET: Fortinet shared the following statement with BleepingComputer after being asked whether the bug had been exploited.

“Timely and ongoing communications with our customers is a key component in our efforts to best protect and secure their organization. There are instances where confidential advance customer communications can include early warning on Advisories to enable customers to further strengthen their security posture, prior to the Advisory being publicly released to a broader audience. This process follows best practices for responsible disclosure to ensure our customers have the timely information they need to help them make informed risk-based decisions. For more on Fortinet’s responsible disclosure process, visit the Fortinet Product Security Incident Response Team (PSIRT) page: https://www.fortiguard.com/psirt_policy.”
