How to Respond: CVE-2023-27997 (Fortigate SSL VPN) - UpGuard
Fortinet released a critical patch in mid-June for CVE-2023-27997, a heap overflow in the FortiOS SSL VPN that could allow remote code execution. However, according to security researchers, 69% of the 490,000 Fortinet firewalls exposing SSL VPN interfaces to the internet remain unpatched. The vulnerability, rated 9.8 out of 10 in severity, allows unauthenticated attackers to execute arbitrary code remotely. Fortinet shipped the fix in FortiOS versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5, and acknowledged limited exploitation targeting government, manufacturing, and critical infrastructure. Bishop Fox developed an exploit for CVE-2023-27997 that takes about one second to execute. A Shodan search found that only 153,414 devices had been updated, leaving many devices unpatched for up to eight years and still running older FortiOS 5 and 6 releases.
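The first step in responding is knowing which devices in an inventory are still below the fixed release for their branch. The following is an added example written for this page, not UpGuard's or Fortinet's code; the fixed versions come from the text above, the device inventory is constructed sample data, and branches with no fix listed on the page (such as FortiOS 5.x) are flagged for manual confirmation rather than guessed at.

```python
# Triage a FortiOS version inventory against the fixed releases listed
# in the advisory summary. The inventory below is constructed sample data.

# First fixed release per FortiOS branch, as stated on the page.
FIXED_VERSIONS = {
    "6.0": (6, 0, 17),
    "6.2": (6, 2, 15),
    "6.4": (6, 4, 13),
    "7.0": (7, 0, 12),
    "7.2": (7, 2, 5),
}


def parse_version(text):
    """Turn '7.0.11' or 'v7.0.11' into an int tuple; raise ValueError on junk."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(version_text):
    """Classify one version string: patched, vulnerable, no_fix_listed, unparseable."""
    try:
        ver = parse_version(version_text)
    except ValueError:
        return "unparseable"
    branch = f"{ver[0]}.{ver[1]}"
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        # e.g. FortiOS 5.x: no fixed release on the page, confirm with the vendor advisory
        return "no_fix_listed"
    return "patched" if ver >= fixed else "vulnerable"


def triage_inventory(inventory):
    """Map each device name to its status; inventory is {name: version_string}."""
    return {name: triage(ver) for name, ver in inventory.items()}


# Constructed sample inventory for demonstration only.
SAMPLE_INVENTORY = {
    "fw-branch-01": "7.2.5",
    "fw-branch-02": "7.0.11",
    "fw-legacy-01": "v6.4.13",
    "fw-legacy-02": "5.6.14",
    "fw-unknown-01": "n/a",
}

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```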