Fortinet FortiGate vulnerability
This live blog contains information regarding a vulnerability in Fortinet FortiGate firewalls. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on June 12, 2023.
T-Update
This live blog contains information about a vulnerability in Fortinet FortiGate firewalls. As soon as we have an update, we will add it to this blog. More information about potential risks and details will be posted at the bottom of this blog. Last updated on June 12, 2023.
Update June 12, 2023
4:30 PM | Fortinet has released updates for a critical vulnerability in the firmware of its FortiGate firewalls. These updates address a previously undisclosed vulnerability in SSL VPN devices. The updates have been released in versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5 of the FortiOS firmware.
The exact details of the vulnerability have not been disclosed, but it is considered critical and could allow an attacker to disrupt the VPN, even if multifactor authentication (MFA) is enabled. All versions of Fortinet's FortiGate firewalls are presumed to be affected; further clarity is expected after the release of the CVE on June 13, 2023, which will provide more information.
Achtergrond
The security community has highlighted the importance of applying the updates promptly, as Fortinet is known to release patches before publicly disclosing critical vulnerabilities, giving customers time to update their devices before threat actors can reverse engineer the patches. The updates include a fix for a remote code execution (RCE) vulnerability (CVE-2023-27997) discovered by security researchers Charles Fol and Rioru. This RCE vulnerability can be exploited pre-authentication on any SSL VPN appliance.Fortinet devices, being widely used for firewalls and VPNs, are often targeted by attackers. Over 250,000 Fortigate firewalls can be reached from the internet, making them potentially vulnerable to this flaw.In the past, SSL VPN flaws have been exploited shortly after patches are released, leading to data theft and ransomware attacks. Therefore, administrators are strongly advised to apply the Fortinet security updates as soon as they become available. If the update does not appear in the device’s dashboard, a reboot or manual download and installation may be necessary.
Risico
De beveiligingsgemeenschap heeft gewezen op het belang van het snel toepassen van de updates. Fortinet brengt patches uit voordat kritieke kwetsbaarheden openbaar worden gemaakt, zodat klanten de tijd hebben om hun apparaten bij te werken voordat bedreigingsactoren de patches kunnen reverse engineeren. De updates bevatten een oplossing voor een kwetsbaarheid voor remote code execution (RCE) (CVE-2023-27997) ontdekt door beveiligingsonderzoekers Charles Fol en Rioru. Deze RCE-kwetsbaarheid kan vóór de authenticatie op elke SSL VPN-appliance worden misbruikt.
Fortinet-apparaten, die veel worden gebruikt voor firewalls en VPN’s, zijn vaak het doelwit van aanvallers. Meer dan 250.000 FortiGate firewalls zijn bereikbaar vanaf het internet, waardoor ze potentieel kwetsbaar zijn voor dit lek. In het verleden zijn gebreken in SSL VPN’s uitgebuit kort nadat patches waren uitgebracht, wat leidde tot gegevensdiefstal en ransomware-aanvallen.
Het wordt beheerders daarom sterk aangeraden om de Fortinet beveiligingsupdates toe te passen zodra ze beschikbaar zijn. Als de update niet verschijnt in het dashboard van het apparaat, kan een herstart of handmatige download en installatie nodig zijn.
Advies
Fortinet has released critical firmware updates for its FortiGate firewalls, addressing a previously undisclosed vulnerability in SSL VPN devices. The updates were quietly released in versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5 of the FortiOS firmware.
If any suspicious or malicious activity is detected in relation to this article, please contact T-CERT. The Tesorion Computer Emergency Response Team offers specialist support 24/7. In emergencies, we immediately conduct an initial assessment by telephone and do all we can to get the situation under control as soon as possible.
Bronnen
More information:
- https://twitter.com/cfreal_/status/1667852157536616451
- https://cve.report/CVE-2023-27997
- https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0282
- https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-rce-flaw-in-fortigate-ssl-vpn-devices-patch-now/
- https://www.helpnetsecurity.com/2023/06/11/cve-2023-27997/
- https://thehackernews.com/2023/06/critical-rce-flaw-discovered-in.html?
- https://olympecyberdefense.fr/1193-2/
Schrijf je in voor T-Updates
Ontvang elke woensdag het laatste nieuws over malware of kwetsbaarheden in je mail
More than 1,000 organizations have already joined us.
