Fortinet Remote Code Execution Vulnerability (CVE-2023-27997)

A critical Remote Code Execution vulnerability (CVE-2023-27997) was identified in FortiOS and FortiProxy SSL-VPN recently which may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

Fortinet has released the patches to remediate the vulnerability and strongly recommends customers to apply the update IMMEDIATELY.

Vulnerabilities

• Remote Code Execution Vulnerability (CVE-2023-27997)
  • An unauthenticated attacker can execute arbitrary code or commands via specifically crafted requests, and successfully exploit the vulnerability to interfere via the VPN without logging in, even when MFA is activated.

Severity Level

• Critical

Affected Systems

• FortiOS-6K7K:
  • 7.0.5, 7.0.10,
  • 6.4.12, 6.4.10, 6.4.8, 6.4.6, 6.4.2,
  • 6.2.9 through 6.2.13, 6.2.6 through 6.2.7, 6.2.4,
  • 6.0.12 through 6.0.16, 6.0.10
• FortiOS:
  • 7.2.0 through 7.2.4,
  • 7.0.0 through 7.0.11,
  • 6.4.0 through 6.4.12,
  • 6.0.0 through 6.0.16
• FortiProxy:
  • 7.2.0 through 7.2.3,
  • 7.0.0 through 7.0.9,
  • 2.0.0 through 2.0.12,
  • 1.2 all versions,
  • 1.1 all versions

Remediation

• Please apply the latest update patches in your department devices immediately.

Reference

• https://www.fortiguard.com/psirt/FG-IR-23-097
• https://nvd.nist.gov/vuln/detail/CVE-2023-27997
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27997
• https://www.hkcert.org/security-bulletin/fortinet-products-multiple-vulnerabilities_20230613

Enquiry

• For enquiries, please contact infosec@cuhk.edu.hk. Thanks a lot.

Published on: 13 Jun 2023