Fortinet Patches Critical RCE Flaw in Fortigate SSL VPN Firewall

Fortinet, a security solutions company released patches to address a critical vulnerability in its FortiProxy SSL VPN and FortiOS firmware products. Although, on a limited scale, the flaw is believed to have been exploited by unknown threat actors, targeting manufacturing, government organizations and critical infrastructure.

Tracked as (CVE-2023-27997/ FG-IR-23-097), the flaw is a ‘heap buffer overflow in SSL-VPN pre-authentication’’. It’s been tagged critical with a CVSS score of 9.2.

Discovered by Lexfo Security, this reachable pre-authentication affects every SSL VPN device and allows unauthorized remote code execution (RCE). Following a similar exploitation incident, While conducting a code audit of the SSL-VPN module, Fortinet too, identified this flaw and silently issued patches as a remedial measure.

On June 12, the company issued an advisory disclosing the vulnerability and the following day, it released a list of affected firmware products and solutions to mitigate the risk. The issued security patches were included in Fortinet’s FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5.

The company is known for issuing patches before officially disclosing the vulnerabilities. Popular for its VPN and firewall appliances, Fortinet’s devices have become a lucrative target for hackers and ransomware gangs. Thus, the company’s stealth release of security fixes gives its customers time to upgrade or deploy security solutions before they become victims to threat actors.