Critical FortiOS and FortiProxy Vulnerability Likely Exploited - Patch Now!

Cyber Security Threat Summary:
On Monday, Fortinet issued a security advisory warning that a recently patched vulnerability may have been exploited in attacks in the wild. Tracked as CVE-2023-27997, the flaw is a heap-based buffer overflow in the FortiOS and FortiProxy SSL-VPN and could be exploited by a remote attacker to execute arbitrary code or commands via specially crafted requests.

The flaw was discovered by security researchers at LEXFO, Charles Fol and Dany Bach, and impacts the following products:

  • FortiOS-6K7K version 7.0.10
  • FortiOS-6K7K version 7.0.5
  • FortiOS-6K7K version 6.4.12
  • FortiOS-6K7K version 6.4.10
  • FortiOS-6K7K version 6.4.8
  • FortiOS-6K7K version 6.4.6
  • FortiOS-6K7K version 6.4.2
  • FortiOS-6K7K version 6.2.9 through 6.2.13
  • FortiOS-6K7K version 6.2.6 through 6.2.7
  • FortiOS-6K7K version 6.2.4
  • FortiOS-6K7K version 6.0.12 through 6.0.16
  • FortiOS-6K7K version 6.0.10
  • FortiProxy version 7.2.0 through 7.2.3
  • FortiProxy version 7.0.0 through 7.0.9
  • FortiProxy version 2.0.0 through 2.0.12
  • FortiProxy 1.2 all versions
  • FortiProxy 1.1 all versions
  • FortiOS version 7.2.0 through 7.2.4
  • FortiOS version 7.0.0 through 7.0.11
  • FortiOS version 6.4.0 through 6.4.12
  • FortiOS version 6.2.0 through 6.2.13
  • FortiOS version 6.0.0 through 6.0.16


CVE-2023-27997 was addressed by Fortinet last Friday. The company recommends that customers upgrade their appliances to the following fixed versions:

  • FortiOS-6K7K version 7.0.12 or above
  • FortiOS-6K7K version 6.4.13 or above
  • FortiOS-6K7K version 6.2.15 or above
  • FortiOS-6K7K version 6.0.17 or above
  • FortiProxy version 7.2.4 or above
  • FortiProxy version 7.0.10 or above
  • FortiOS version 7.4.0 or above
  • FortiOS version 7.2.5 or above
  • FortiOS version 7.0.12 or above
  • FortiOS version 6.4.13 or above
  • FortiOS version 6.2.14 or above
  • FortiOS version 6.0.17 or above
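As an added example (not from the advisory or from Fortinet), a Python check that flags inventory entries whose build falls inside the affected ranges listed above and names the first fixed build; the product labels, the `assess`/`audit` helpers and the sample inventory are assumptions, and FortiOS-6K7K is matched only on the exact builds the advisory lists.

```python
"""Flag FortiOS, FortiProxy and FortiOS-6K7K builds listed as affected by CVE-2023-27997."""
from typing import Dict, List, Optional, Tuple
Version = Tuple[int, ...]

def parse(v: str) -> Version:
    """'7.0.11' -> (7, 0, 11). Assumes dotted numeric versions with no build suffix."""
    return tuple(int(part) for part in v.strip().split("."))

# (lowest affected, highest affected, first fixed build) per branch, transcribed
# from the advisory above. A two-component bound such as "1.2" matches the whole
# branch; a None fix means the advisory lists no patched build for that branch.
AFFECTED: Dict[str, List[Tuple[str, str, Optional[str]]]] = {
    "FortiOS": [("7.2.0", "7.2.4", "7.2.5"), ("7.0.0", "7.0.11", "7.0.12"),
                ("6.4.0", "6.4.12", "6.4.13"), ("6.2.0", "6.2.13", "6.2.14"),
                ("6.0.0", "6.0.16", "6.0.17")],
    "FortiProxy": [("7.2.0", "7.2.3", "7.2.4"), ("7.0.0", "7.0.9", "7.0.10"),
                   ("2.0.0", "2.0.12", None), ("1.2", "1.2", None), ("1.1", "1.1", None)],
    "FortiOS-6K7K": [("7.0.10", "7.0.10", "7.0.12"), ("7.0.5", "7.0.5", "7.0.12"),
                     ("6.4.12", "6.4.12", "6.4.13"), ("6.4.10", "6.4.10", "6.4.13"),
                     ("6.4.8", "6.4.8", "6.4.13"), ("6.4.6", "6.4.6", "6.4.13"),
                     ("6.4.2", "6.4.2", "6.4.13"), ("6.2.9", "6.2.13", "6.2.15"),
                     ("6.2.6", "6.2.7", "6.2.15"), ("6.2.4", "6.2.4", "6.2.15"),
                     ("6.0.12", "6.0.16", "6.0.17"), ("6.0.10", "6.0.10", "6.0.17")],
}

def in_range(v: Version, lo: str, hi: str) -> bool:
    """Inclusive range test; a bound with fewer components matches by prefix."""
    lo_t, hi_t = parse(lo), parse(hi)
    return v[:len(lo_t)] >= lo_t and v[:len(hi_t)] <= hi_t

def assess(product: str, version: str) -> Optional[str]:
    """Remediation text if the build is listed as affected, else None."""
    v = parse(version)
    for lo, hi, fixed in AFFECTED.get(product, []):
        if in_range(v, lo, hi):
            return f"upgrade to {fixed} or above" if fixed else (
                "no fixed build listed for this branch; migrate to a fixed branch")
    return None

# Constructed sample inventory (hypothetical hosts): (hostname, product, version).
INVENTORY = [("fw-edge-01", "FortiOS", "7.0.11"), ("fw-edge-02", "FortiOS", "7.0.12"),
             ("fw-core-01", "FortiOS-6K7K", "6.4.9"), ("proxy-01", "FortiProxy", "2.0.3")]

def audit(inventory) -> Dict[str, str]:
    """Map each affected hostname to its remediation."""
    return {h: r for h, p, ver in inventory if (r := assess(p, ver))}

if __name__ == "__main__":
    for host, action in audit(INVENTORY).items():
        print(f"{host}: affected by CVE-2023-27997, {action}")
```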


Security Officer Comments:
Although Fortinet stated that the flaw may have been exploited in a limited number of attacks targeting the government, manufacturing, and critical infrastructure sectors, no further technical details were disclosed. This is most likely because threat actors could use such details to build their own exploits; withholding them gives customers time to apply the released updates.

Fortinet did note in a blog post that it is not attributing the attacks to Volt Typhoon, a newly discovered Chinese state-sponsored actor that Microsoft observed exploiting unknown zero-day flaws in internet-facing Fortinet FortiGuard devices to gain initial access to target environments. However, the company expects all threat actors, including those behind the Volt Typhoon campaign, to continue to exploit unpatched vulnerabilities in widely used software and devices.

Suggested Correction(s):
In addition to applying the latest updates, Fortinet recommends the following:

  • Review your systems for evidence of exploitation of previous vulnerabilities, e.g. FG-IR-22-377 / CVE-2022-40684
  • Maintain good cyber hygiene and follow vendor patching recommendations
  • Follow hardening recommendations, e.g. the FortiOS 7.2.0 Hardening Guide
  • Minimize the attack surface by disabling unused features and managing devices via an out-of-band method wherever possible

Link(s):
https://thehackernews.com/2023/06/critical-fortios-and-fortiproxy.html
https://www.fortiguard.com/psirt/FG-IR-23-097
https://www.fortinet.com/blog/