Monday, 12 June 2023 13:53

Fortinet Pre-Authentication RCE flaw Found in SSL VPN Function

Written by

Reading time is around minutes.

The last couple of months have been rather busy with the identification of critical vulnerabilities. Multiple Zero-Days were found in different pieces of software including Remote Code Execution, data modification and theft, and complete compromise of other devices that require replacement rather than patching. So, with that it is not surprising that another critical flaw has been identified (and patched) in another major vendor’s devices. Fortinet has announced the release of patches for a vulnerability tracked as CVE-2023-27997.

The vulnerability identified as a remote code execution flaw is accessible during the pre-authentication phase in Fortinet SSL VPN appliances and services. Due to the severity of the flaw and that it does not appear to be exploited in the wild (as of this writing) Fortinet is not releasing any details on the flaw. The French Security company Olympe Cyberdefense released an independent alert that indicates that the RCS flaw is not present in following version of software: 6.2.15, 6.4.13, 7.0.12, and 7.2.5. They also note that the flaw appears to not be affected by MFA enforcement. The report, linked here (in French), mentioned that the new flaw affects all firewalls, but is specific to the VPN function.

Fortinet is a popular firewall and VPN functionality is typically enabled when they are in play. This flaw does leave more than a few organizations open to potential attack if threat actors are already aware of this flaw. If that is the case, then those same organizations are now in a race against attackers to get patched before their environments are attacked and compromised. This flaw needs a seriously abbreviated patch cycle to take this opening away from threat actors. Even if it means down time for regular businesses, a flaw like this on an edge appliance can put you in a situation that no cybersecurity team wants to be in.

Stay safe out there

Read 827 times

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.