Vulnerabilities and Threats (Corvus Alerts)
      Back to home
      1. Knowledge Nest
      2. Cybersecurity Tips + Vulnerability Alerts
      3. Vulnerabilities and Threats (Corvus Alerts)

      Fortinet Fortigate Vulnerability Alert | June 2023

      There's a critical vulnerability in Fortinet Fortigate Products. Here's what you need to know.

      Background

      A critical security flaw (CVE-2023-27997) has been discovered in Fortigate SSL VPNs. The vulnerability allows for an unauthenticated attacker to execute arbitrary code or commands. Corvus has observed similar vulnerabilities lead to ransomware incidents. Security patches have been released and should be applied as soon as possible.

      Impact

      The vulnerability is fixed in the following Fortinet Fortigate versions:

      • FortiOS 6.0.17 
      • FortiOS 6.2.15
      • FortiOS 6.4.13 
      • FortiOS 7.0.12 
      • FortiOS 7.2.5

      Attackers can execute arbitrary code or commands against unpatched devices, gaining a foothold into the network. From there the attacker would be able to conduct further exploitation and potentially move around the network. Impacted organizations should apply a security patch immediately.

      Next Steps

      • Ensure you are running the latest available fixed version of FortiOS.

       

      Please contact Fortinet customer support for assistance.