Critical FortiOS and FortiProxy Vulnerability Likely Exploited

June 13, 2023 · Ravi Lakshmanan · Network security / vulnerability


Fortinet said Monday that a newly patched critical flaw affecting FortiOS and FortiProxy “may have been exploited in limited cases” in attacks targeting the government, manufacturing and critical infrastructure sectors.

The vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), is a heap-based buffer overflow in the FortiOS and FortiProxy SSL-VPN component that may allow a remote attacker to execute arbitrary code or commands via specially crafted requests.


LEXFO security researchers Charles Fol and Dany Bach are credited with discovering and reporting the flaw. Fortinet addressed the issue on June 9, 2023, in the following releases:

  • FortiOS-6K7K version 7.0.12 or later
  • FortiOS-6K7K version 6.4.13 or later
  • FortiOS-6K7K version 6.2.15 or later
  • FortiOS-6K7K version 6.0.17 or later
  • FortiProxy version 7.2.4 or later
  • FortiProxy version 7.0.10 or later
  • FortiProxy version 2.0.13 or later
  • FortiOS version 7.4.0 or later
  • FortiOS version 7.2.5 or later
  • FortiOS version 7.0.12 or later
  • FortiOS version 6.4.13 or later
  • FortiOS version 6.2.14 or later, and
  • FortiOS version 6.0.17 or later
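The release list above is easy to misread when triaging a fleet, because the fixed patch level differs per branch and per product line (standard FortiOS 6.2.14 is fixed, but the 6K7K build of the same branch needs 6.2.15). The following is an added example, not code from the article or from Fortinet, that turns the list into a check: it parses an `x.y.z` version, compares it against the first fixed release of the same major.minor branch, and also reads the `Version:` line of FortiGate `get system status` output. The sample CLI output is constructed for the example (build numbers and serial are placeholders), and the rule that maps 6000/7000-series chassis model names to the FortiOS-6K7K line is an assumption of this example, not something the article states.

```python
import re
from typing import Optional, Tuple

# First fixed patch level per (product, major, minor) branch, taken from the
# release list in the article. A version in the same branch with a patch level
# >= this value is patched; a lower one is vulnerable.
FIXED_VERSIONS = {
    ("FortiOS", 7, 4): 0,
    ("FortiOS", 7, 2): 5,
    ("FortiOS", 7, 0): 12,
    ("FortiOS", 6, 4): 13,
    ("FortiOS", 6, 2): 14,
    ("FortiOS", 6, 0): 17,
    ("FortiOS-6K7K", 7, 0): 12,
    ("FortiOS-6K7K", 6, 4): 13,
    ("FortiOS-6K7K", 6, 2): 15,
    ("FortiOS-6K7K", 6, 0): 17,
    ("FortiProxy", 7, 2): 4,
    ("FortiProxy", 7, 0): 10,
    ("FortiProxy", 2, 0): 13,
}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract the first x.y.z version from a string such as 'v7.0.11' or '7.0.11,build0489'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def is_patched(product: str, version: str) -> Optional[bool]:
    """True if patched for CVE-2023-27997, False if vulnerable, None if the
    major.minor branch is not in the article's release list (treat as unknown,
    not as safe)."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_VERSIONS.get((product, major, minor))
    if fixed is None:
        return None
    return patch >= fixed


# Matches the "Version:" line of FortiGate `get system status` output, e.g.
# "Version: FortiGate-100F v7.0.11,build0489,230314 (GA)".
STATUS_RE = re.compile(r"^Version:\s+(\S+)\s+v(\d+\.\d+\.\d+)", re.MULTILINE)

# Assumption of this example: 4-digit model numbers starting with 6 or 7
# (FortiGate-6000/7000 chassis) run the FortiOS-6K7K build line.
SIX_SEVEN_K_RE = re.compile(r"FortiGate-[67]\d{3}")


def classify_status_output(output: str) -> Tuple[str, str, Optional[bool]]:
    """Return (product line, version, patched?) for a `get system status` dump."""
    m = STATUS_RE.search(output)
    if not m:
        raise ValueError("no 'Version:' line in status output")
    model, version = m.group(1), m.group(2)
    product = "FortiOS-6K7K" if SIX_SEVEN_K_RE.match(model) else "FortiOS"
    return product, version, is_patched(product, version)


# Constructed sample output (placeholder build numbers and serial), not real captures.
SAMPLE_STATUS_100F = """Version: FortiGate-100F v7.0.11,build0000,230101 (GA)
Serial-Number: FGT00000000000000
"""
SAMPLE_STATUS_7121F = """Version: FortiGate-7121F v6.2.14,build0000,230101 (GA)
Serial-Number: FGT00000000000000
"""

if __name__ == "__main__":
    for name, sample in (("100F", SAMPLE_STATUS_100F), ("7121F", SAMPLE_STATUS_7121F)):
        product, version, ok = classify_status_output(sample)
        state = {True: "patched", False: "VULNERABLE", None: "unknown branch"}[ok]
        print(f"{name}: {product} {version} -> {state}")
```

Note that a `None` result means the branch is absent from the list above, which is not the same as being safe; such devices need to be checked against the vendor advisory directly. A version check is also only a first pass: it says nothing about whether a device was already compromised before it was upgraded.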

In a separate disclosure, the company said the issue was identified during a code audit it initiated in December 2022, after a similar flaw in its SSL-VPN product (CVE-2022-42475, CVSS score: 9.3) was found to be actively exploited.


Fortinet also said that, at this stage, it is not linking the exploitation to the Chinese state-sponsored actor codenamed Volt Typhoon. Microsoft revealed last month that the group gained initial access to target environments by exploiting an unknown zero-day flaw in internet-facing Fortinet FortiGuard devices.

However, the company said it “expects all threat actors, including those behind the Volt Typhoon campaign, to continue to exploit unpatched vulnerabilities in widely used software and devices.”

Given the likely exploitation in the wild, the company is advising customers to update to the latest firmware version immediately to avoid potential risks.

“Fortinet will continue to monitor the situation, proactively communicate with customers, and urge them to immediately follow any guidance provided to mitigate the vulnerability using any workarounds or upgrades provided,” the company told The Hacker News.
