Fortinet Patches Pre-authentication RCE Vulnerability

June 12, 2023

Fortinet patched a critical remote code execution (RCE) vulnerability in its FortiGate firewalls that a threat actor can exploit without being logged in.

The Vulnerability

  • CVE-2023-27997 (Critical) – A pre-authentication RCE vulnerability affecting the SSL-VPN component of FortiGate firewalls. This could allow a threat actor to interfere via the VPN, even if MFA is activated.

Affected Products

  • All previous versions of FortiGate firewalls.

Mitigation

CYREBRO recommends that all Fortinet customers update to the current patched versions of the FortiOS firmware that powers FortiGate firewalls:

  • 7.0.12
  • 7.2.5
  • 6.4.13
  • 6.2.15
  • 6.0.17

Since Fortinet has not yet released an official advisory, we advise all clients to watch for potential additional updates from Fortinet.
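
A fleet check against the patched releases listed above, as an added example that is not part of the original advisory or any Fortinet tooling. It assumes you can export a hostname and FortiOS version string per device, treats an equal or later patch number in the same branch as patched, and flags branches the advisory does not list for manual review; the hostnames and inventory are constructed.

```python
import re

# Patched FortiOS releases from the advisory above: (major, minor) branch -> patch number.
PATCHED = {(7, 0): 12, (7, 2): 5, (6, 4): 13, (6, 2): 15, (6, 0): 17}


def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v7.0.11' or 'FortiOS v6.4.12'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no FortiOS version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(version_text):
    """Return UPDATE, PATCHED, or UNLISTED (branch not named in the advisory)."""
    major, minor, patch = parse_version(version_text)
    fixed = PATCHED.get((major, minor))
    if fixed is None:
        return "UNLISTED"  # assumption: needs manual review against vendor guidance
    # Compare numerically: as strings, "9" would sort after "12".
    return "PATCHED" if patch >= fixed else "UPDATE"


def audit(inventory):
    """Classify each (hostname, version string) pair; unparsable versions are reported, not dropped."""
    results = []
    for host, version_text in inventory:
        try:
            status = classify(version_text)
        except ValueError:
            status = "UNPARSED"
        results.append((host, version_text, status))
    return results


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "v7.0.11"),
    ("fw-edge-02", "v7.2.5"),
    ("fw-branch-03", "FortiOS v6.4.12"),
    ("fw-lab-04", "v7.4.0"),
    ("fw-old-05", "unknown"),
]

if __name__ == "__main__":
    for host, version_text, status in audit(SAMPLE_INVENTORY):
        print(f"{host:14} {version_text:18} {status}")
```
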

References: The Hacker News
