Blog
Threat Intelligence: Fortinet SSL-VPN Vulnerability
Posted: June 14, 2023
On June 11th, 2023, Fortinet quietly released firmware updates addressing a serious, undisclosed pre-authentication Remote Code Execution (RCE) vulnerability affecting all versions of Fortigate SSL-VPN devices.
The details:
This RCE flaw could allow a malicious agent to interfere via the VPN, even with Multi-Factor Authentication (MFA) in place.
The FortiOS firmware updates that address this issue include versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5.
The vulnerability, coded as CVE-2023-27997, was identified by researchers Charles Fol and Rioru.
More than 250,000 Fortigate firewalls are potentially exposed, because they can be reached from the internet, and the majority are likely running affected versions.
What you need to do NOW:
- Apply the Fortinet security patches immediately. The patches are available for FortiOS versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5. Given the nature of the vulnerability, it is URGENT that these patches are applied promptly.
- Communicate this update to your clients and educate them about the importance of the immediate application of these patches as well as the potential risk to their data if left unpatched.
- Monitor your systems for any irregularities. Since the flaw could potentially be exploited pre-authentication, any signs of abnormal system behavior should be treated with caution.
Remember, historical data suggests threat actors exploit SSL-VPN flaws mere days after patches are released. They use them as initial access points for data theft and ransomware attacks, so this is a crucial time for you and your clients to bolster your defenses.
We understand the gravity of this situation and we’re here to assist you. If you need help applying the patches or want to learn more about how to prevent similar threats, please don’t hesitate to contact us.
Stay vigilant and stay secure.