There's a critical vulnerability in Fortinet Fortigate Products. Here's what you need to know.
A critical security flaw (CVE-2023-27997) has been discovered in Fortigate SSL VPNs. The vulnerability allows for an unauthenticated attacker to execute arbitrary code or commands. Corvus has observed similar vulnerabilities lead to ransomware incidents. Security patches have been released and should be applied as soon as possible.
The vulnerability is fixed in the following Fortinet Fortigate versions:
- FortiOS 6.0.17
- FortiOS 6.2.15
- FortiOS 6.4.13
- FortiOS 7.0.12
- FortiOS 7.2.5
Attackers can execute arbitrary code or commands against unpatched devices, gaining a foothold into the network. From there the attacker would be able to conduct further exploitation and potentially move around the network. Impacted organizations should apply a security patch immediately.
- Ensure you are running the latest available fixed version of FortiOS.
Please contact Fortinet customer support for assistance.