
CVE-2023-27997: Critical FortiGate Vulnerability

Fortinet has identified a vulnerability, CVE-2023-27997, in its FortiGate firewalls that could be leveraged maliciously to gain remote code execution capability.

This issue has been found on every SSL VPN appliance, but the details of the security flaw are shrouded in mystery until Fortinet publishes an official advisory. Fortunately, the vulnerability has been addressed in several versions of the platform, including 6.2.15, 6.4.13, 7.0.12, and 7.2.5.

What FortiOS Versions Are Affected by CVE-2023-27997?

According to the official description, CVE-2023-27997 is a heap-based buffer overflow vulnerability in the SSL-VPN of FortiOS version 7.2.4 and below, 7.0.11 and below, 6.4.12 and below, and 6.0.16 and below, and of FortiProxy version 7.2.3 and below, 7.0.9 and below, 2.0.12 and below, and all versions of 1.2 and 1.1.

The vulnerability may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests, as per MITRE’s description.

As attacks on Fortinet products are becoming increasingly commonplace, customers and users of these firewalls should apply the fixes as soon as possible to guard against potential threats.
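A triage sketch for the version ranges quoted above, as an added example that is not from the original article or from Fortinet. It sorts a constructed inventory (the host names and the CSV layout are hypothetical) into affected, fixed, or needing manual review where the article does not cover the release.

```python
import csv
import io
import re

# Highest affected patch level per branch, from the description quoted above.
# None means the description lists every release of that branch.
AFFECTED_MAX = {
    "FortiOS": {(7, 2): 4, (7, 0): 11, (6, 4): 12, (6, 0): 16},
    "FortiProxy": {(7, 2): 3, (7, 0): 9, (2, 0): 12, (1, 2): None, (1, 1): None},
}
# First fixed patch level per branch, from the releases the article names.
FIXED_MIN = {"FortiOS": {(6, 2): 15, (6, 4): 13, (7, 0): 12, (7, 2): 5}}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)(?:\.(\d+))?$")

# Constructed sample inventory: host names and CSV layout are hypothetical.
SAMPLE_INVENTORY = """\
fw-edge-01,FortiOS,7.2.4
fw-edge-02,FortiOS,v7.2.5
fw-branch-03,FortiOS,6.2.14
fw-lab-04,FortiOS,6.0.17
proxy-01,FortiProxy,1.2.13
proxy-02,FortiProxy,7.2.4
"""

def classify(product, version):
    """Return 'affected', 'fixed', or 'review' (the article does not cover it)."""
    match = VERSION_RE.match(version.strip())
    if match is None or product not in AFFECTED_MAX:
        return "review"
    major, minor, patch = (int(part or 0) for part in match.groups())
    branch = (major, minor)
    ceilings = AFFECTED_MAX[product]
    if branch in ceilings and (ceilings[branch] is None or patch <= ceilings[branch]):
        return "affected"
    fixed_from = FIXED_MIN.get(product, {}).get(branch)
    if fixed_from is not None and patch >= fixed_from:
        return "fixed"
    # Example: 6.2.14 sits below the named fix 6.2.15, but 6.2 is not in the affected list.
    return "review"

def triage(inventory_text):
    """Map each host in 'host,product,version' CSV text to its status."""
    result = {}
    for row in csv.reader(io.StringIO(inventory_text)):
        if len(row) == 3:
            result[row[0]] = classify(row[1], row[2])
    return result
```

Hosts marked `review` fall outside both lists in this article and should be checked against the vendor advisory.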

Milena Dimitrova
