Fortinet, a leading cybersecurity company, has recently addressed a critical vulnerability in FortiGate that could be exploited by unauthorized attackers for remote code execution. The flaw, tracked as CVE-2023-27997, was first identified by researchers at Lexfo, a French offensive IT security firm.
Charles Fol, one of the researchers, disclosed on Twitter that the vulnerability affects all SSL VPN appliances and allows for remote code execution without authentication. While Fortinet has not yet issued an official advisory regarding the flaw, Olympe Cyberdefense, a French cybersecurity company, revealed that a public advisory is expected to be released on June 13.
The security hole specifically impacts the SSL VPN functionality of FortiGate firewalls, granting attackers the ability to interfere with the VPN. Fortunately, Fortinet has reportedly included the necessary patch in versions 7.0.12, 7.2.5, 6.4.13, and 6.2.15 of FortiOS.
It is worth noting that vulnerabilities affecting Fortinet products have been frequently exploited by threat actors, including both state-sponsored cyberspies and profit-driven cybercriminals. In many cases, these exploits occur before patches have been made available, underscoring the critical importance of prompt updates and proactive security measures.
Brian Contos, CSO, Sevco Security shared how organizations can protect themselves from threats related to these vulnerabilities and how he thinks the vulnerability disclosure process needs to shift to a more proactive approach:
“The important first step for any organization to take is to patch this Fortinet vulnerability. If you’re reading this and you haven’t done that yet, stop what you’re doing and patch immediately. But the standard operating procedure for finding these types of vulnerabilities has to change. Disclosure, patch, and cross your fingers that you fixed the issue before the bad guys got into your network simply isn’t good enough.
Organizations need to shift from a reactive stance to a proactive one where they are hunting their vulnerabilities and remediating them before a bad actor exploits them. This starts with accurate and timely asset intelligence, which is required to serve as the foundation of a sound security program.”
###