Fortinet Remote Code Execution Vulnerabilities (CVE-2023-27999 & CVE-2023-22640)

Two remote code execution vulnerabilities (CVE-2023-27999 and CVE-2023-22640) were recently identified in Fortinet products, including FortiADC, FortiOS and FortiProxy. They could potentially enable an attacker to bypass authentication to gain initial access and perform remote code execution.

Fortinet has released patches to remediate these vulnerabilities and strongly recommends that customers apply the update IMMEDIATELY.


Vulnerabilities

  • Remote Code Execution Vulnerability (CVE-2023-27999)
    • An improper neutralization of special elements used in an OS command (OS command injection) vulnerability in FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
  • Remote Code Execution Vulnerability (CVE-2023-22640)
    • An out-of-bounds write vulnerability in sslvpnd of FortiOS and FortiProxy may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted requests.


Severity Level

  • High


Affected Systems

  • FortiADC: 7.2.0, 7.1.1, 7.1.0
  • FortiOS: 7.2.x, 7.0.x, 6.4.x, 6.2.x, and 6.0.x
  • FortiProxy: 7.2.x, 7.0.x, 2.0.x, and 1.x.x


Remediation

  • Please apply the vendor's patches to your department's devices immediately.
  • Alternatively, the vendor has also provided a temporary workaround for FortiOS only:
    • Disable “Host Check”, “Restrict to Specific OS Versions” and “MAC address host checking” in the SSL-VPN portal configuration. For example, for the “full-access” SSL-VPN portal:

config vpn ssl web portal
    edit "full-access"
        set os-check disable
        set host-check none
        set mac-addr-check disable
end
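To verify that the workaround above has actually been applied on every SSL-VPN portal (not only "full-access"), the following audit script is an added example; it is not part of the advisory and not Fortinet's own tooling. It parses the text of `show full-configuration vpn ssl web portal` (a command that prints every setting, including defaults) and reports each portal whose `os-check`, `host-check` or `mac-addr-check` value differs from the workaround. The sample configuration embedded in the script is constructed for illustration, not captured from a real device, and the assumption that plain `show` omits default values is noted in the code.

```python
import re
from typing import Dict, List

# Constructed sample of `show full-configuration vpn ssl web portal` output
# (not a real device capture). "full-access" has the workaround applied;
# "web-access" still has the OS, host and MAC checks enabled.
SAMPLE_PORTAL_CONFIG = """\
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set web-mode enable
        set os-check disable
        set host-check none
        set mac-addr-check disable
    next
    edit "web-access"
        set web-mode enable
        set os-check enable
        set host-check av
        set mac-addr-check enable
    next
end
"""

# Settings the advisory's workaround requires, with the expected value.
REQUIRED_SETTINGS = {
    "os-check": "disable",
    "host-check": "none",
    "mac-addr-check": "disable",
}

_EDIT_RE = re.compile(r'^\s*edit\s+"?([^"]+)"?\s*$')
_SET_RE = re.compile(r'^\s*set\s+(\S+)\s+(.*?)\s*$')


def parse_portals(config_text: str) -> Dict[str, Dict[str, str]]:
    """Parse the `edit ... next` entries of a `config vpn ssl web portal`
    block into {portal_name: {setting: value}}. Sub-tables nested inside a
    portal entry (e.g. `config bookmark-group ... end`) are skipped."""
    portals: Dict[str, Dict[str, str]] = {}
    current = None  # name of the portal entry being read
    depth = 0       # nesting depth of sub-`config` blocks inside that entry
    for line in config_text.splitlines():
        stripped = line.strip()
        if current is not None and stripped.startswith("config "):
            depth += 1
            continue
        if depth > 0:
            if stripped == "end":
                depth -= 1
            continue
        m = _EDIT_RE.match(line)
        if m:
            current = m.group(1)
            portals[current] = {}
            continue
        if stripped == "next":
            current = None
            continue
        m = _SET_RE.match(line)
        if m and current is not None:
            portals[current][m.group(1)] = m.group(2).strip('"')
    return portals


def audit_workaround(config_text: str) -> Dict[str, List[str]]:
    """Return {portal_name: [findings]} for portals that do not satisfy the
    workaround; an empty dict means every portal is compliant. A setting that
    is absent from the output is reported as well: with plain `show` (rather
    than `show full-configuration`) FortiOS omits default values, so an absent
    key cannot be taken as proof of the required value (assumption about the
    CLI's behaviour, hence the conservative reporting)."""
    findings: Dict[str, List[str]] = {}
    for name, settings in parse_portals(config_text).items():
        problems = []
        for key, expected in REQUIRED_SETTINGS.items():
            actual = settings.get(key)
            if actual is None:
                problems.append(f"{key}: not shown (expected {expected})")
            elif actual != expected:
                problems.append(f"{key}: {actual} (expected {expected})")
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    result = audit_workaround(SAMPLE_PORTAL_CONFIG)
    if not result:
        print("All SSL-VPN portals have the workaround applied.")
    for portal, problems in result.items():
        print(f"Portal {portal!r} still needs attention:")
        for problem in problems:
            print(f"  - {problem}")
```

Run it against the saved output of `show full-configuration vpn ssl web portal` taken from each FortiOS device; on the constructed sample it reports "web-access" with three findings and nothing for "full-access". The workaround is an interim measure for FortiOS only, so the audit complements, rather than replaces, applying the vendor's patches.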


Published on: 12 May 2023