Fortinet, a renowned cybersecurity company, has recently released firmware updates to address a critical remote code execution (RCE) vulnerability in their Fortigate SSL-VPN devices. This vulnerability poses a significant risk, enabling attackers to exploit SSL VPN functionality, even with multi-factor authentication (MFA) enabled. In this blog post, we will provide essential details about the vulnerability, highlight the urgency of applying the updates immediately, and recommend actions for administrators.
Critical Vulnerability - Heap-Based Buffer Overflow in SSL VPN Functionality: Fortinet devices, including FortiGate Next Generation Firewalls (NGFW) and FortiProxy, are susceptible to a critical security flaw identified as a heap-based buffer overflow vulnerability in the SSL VPN feature. Tracked as CVE-2023-27997, this vulnerability allows attackers to remotely exploit the flaw by sending specially crafted requests to vulnerable devices. Exploiting this vulnerability grants the attacker the ability to execute arbitrary code on compromised devices. Notably, this vulnerability can be exploited even when MFA is activated.
Confirmation of Impact and Additional Details: Olympe Cyberdefense, a reputable French cybersecurity firm, has confirmed that the vulnerability permits malicious actors to interfere with the VPN, even with MFA enabled. While confirmation of affected versions is pending until the release of the CVE on June 13th, 2023, vulnerability researchers Charles Fol and Rioru have provided additional information about the FortiOS updates. Their tweet reveals that the updates include a fix for the critical RCE vulnerability (CVE-2023-27997) they reported. Notably, this vulnerability can be exploited pre-authentication on any SSL VPN appliance.
The Urgency for Patching and Potential Risks: Fortinet's prominence as a leading provider of firewall and VPN devices makes them an attractive target for cyberattacks. A recent Shodan search identified over 250,000 publicly accessible FortiGate firewalls, with the majority likely exposed to this vulnerability due to its impact on previous versions. Historical evidence suggests that threat actors swiftly exploit SSL-VPN flaws after patches are released. Hence, prompt patching is vital to mitigate potential risks. Exploiting such vulnerabilities can result in unauthorized access, data theft, and ransomware attacks.
Firmware Updates and Patching Recommendations: Fortinet has released firmware updates to address the critical RCE vulnerability in Fortigate SSL-VPN devices. The security fixes are available across various FortiOS firmware versions, including 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5. While the release notes may not explicitly mention the critical vulnerability, security professionals and administrators have confirmed that these updates discreetly address the SSL-VPN RCE flaw set to be disclosed on June 13th, 2023. It is of utmost importance that administrators promptly install these security patches to prevent potential attacks and safeguard their networks.
Conclusion: The recent release of firmware updates by Fortinet for their Fortigate SSL-VPN devices demonstrates their unwavering commitment to customer security. We strongly urge administrators to take immediate action by installing these patches, thereby preventing potential attacks and safeguarding their networks. To further enhance your organization's security posture and ensure comprehensive vulnerability management, consider leveraging Armoryze's zero trust security & risk-based vulnerability management services. Armoryze, a trusted provider of cybersecurity solutions, offers tailored services to help you identify, prioritize, and effectively mitigate vulnerabilities. By scheduling a FREE consultation with Armoryze today, you can stay one step ahead of cybercriminals and strengthen your security defenses. Safeguard your network from potential threats and protect your valuable assets now.