
Fortinet FortiGate vulnerability

This live blog contains information regarding a vulnerability in Fortinet FortiGate firewalls. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on June 12, 2023.

Update 12 June 2023

16:30 | Fortinet has released critical firmware updates for its FortiGate firewalls, addressing a previously undisclosed vulnerability in SSL VPN devices. The updates were quietly released in versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5 of the FortiOS firmware. The exact details of the vulnerability have not been disclosed, but it is considered critical and could allow an attacker to interfere with the VPN, even if multi-factor authentication (MFA) is enabled. All versions of Fortinet’s FortiGate firewalls are believed to be affected, pending the release of the CVE on June 13, 2023, which will provide more information.

Reason and background of this blog

This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.

Vulnerability information

Fortinet has released critical firmware updates for its FortiGate firewalls, addressing a previously undisclosed vulnerability in SSL VPN devices.

The updates were quietly released in versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5 of the FortiOS firmware.

In the past, SSL VPN flaws have been exploited shortly after patches are released, leading to data theft and ransomware attacks. Therefore, administrators are strongly advised to apply the Fortinet security updates as soon as they become available. If the update does not appear in the device’s dashboard, a reboot or manual download and installation may be necessary.
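To decide which devices still need the update, the fixed releases listed above can be compared against a firmware inventory. The following is an added example, not code from Tesorion or Fortinet; the hostnames and version strings are constructed, and branches not named in this post are reported as unknown rather than assumed safe.

```python
import re

# Fixed FortiOS releases per branch, as listed in this post.
FIXED = {(6, 0): 17, (6, 2): 15, (6, 4): 13, (7, 0): 12, (7, 2): 5}

# Accepts "7.0.11", "v7.2.5" or a longer status line containing a version.
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)")


def classify(version_text):
    """Return 'patched', 'needs-update', 'unknown-branch' or 'unparsed'."""
    m = VERSION_RE.search(version_text)
    if not m:
        return "unparsed"
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Branch not named in the post: do not assume it is safe.
        return "unknown-branch"
    # Integer comparison, so 7.2.10 correctly sorts after 7.2.5.
    return "patched" if patch >= fixed_patch else "needs-update"


def triage(inventory):
    """Map each hostname to its status; inventory is {hostname: version text}."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE = {
    "fw-ams-01": "FortiGate-60F v7.2.4,build0000",
    "fw-ams-02": "v7.2.5",
    "fw-rtm-01": "7.0.11",
    "fw-rtm-02": "6.4.13",
    "fw-lab-01": "v5.6.14",
    "fw-lab-02": "version unavailable",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:10} {status}")
```

Devices reported as `unknown-branch` or `unparsed` need a manual check against Fortinet's own advisory.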

Potential Risk

The security community has highlighted the importance of applying the updates promptly, as Fortinet is known to release patches before publicly disclosing critical vulnerabilities, giving customers time to update their devices before threat actors can reverse engineer the patches. The updates include a fix for a remote code execution (RCE) vulnerability (CVE-2023-27997) discovered by security researchers Charles Fol and Rioru. This RCE vulnerability can be exploited pre-authentication on any SSL VPN appliance.

Fortinet devices, being widely used for firewalls and VPNs, are often targeted by attackers. Over 250,000 FortiGate firewalls can be reached from the internet, making them potentially vulnerable to this flaw.

Detail info

Fortinet has released critical firmware updates for its FortiGate firewalls, addressing a previously undisclosed vulnerability in SSL VPN devices. The updates were quietly released in versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5 of the FortiOS firmware.

If any suspicious or malicious activity is detected in relation to this article, please contact T-CERT. The Tesorion Computer Emergency Response Team offers specialist support 24/7. In emergencies, we immediately conduct an initial assessment by telephone and do all we can to get the situation under control as soon as possible.
