Fortinet has released a firmware update that fixes a critical, pre-authentication remote code execution vulnerability in its FortiGate security appliances when the SSL VPN module is enabled.
The details of the vulnerability (CVE-2023-27997) are not public yet, but should be disclosed Tuesday when the company releases its monthly security updates. On Friday, Fortinet released fixed firmware versions to address the bug. All of the current versions of FortiOS are affected by the vulnerability, and the fixed versions are 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5.
Two French offensive security researchers discovered the vulnerability and reported it to Fortinet. The company did not call out the vulnerability specifically in the firmware release notes, but the researchers who discovered the bug said on Twitter that it had been patched, and other researchers compared the vulnerable and patched firmware releases and identified the vulnerability.
This bug is somewhat reminiscent of one that Fortinet researchers discovered being exploited in the wild late last year. That vulnerability (CVE-2023-42475) is a heap buffer overflow in the SSLVPNd component, and soon after the initial advisory came out in December, attackers began targeting vulnerable appliances. Other Fortinet vulnerabilities have also been popular targets for attackers, thanks to the large install base for the company's products and the potential for gaining a serious foothold in an enterprise network.
The new vulnerability is only present when the SSL VPN functionality is enabled on the FortiGate appliances.
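For defenders with more than a handful of appliances, the practical question is which devices are both on an unfixed build and have SSL VPN enabled. The following triage script is an added example, not code from the article or from Fortinet; it encodes the fixed versions listed above and runs over a constructed inventory, so hostnames and versions are assumptions.

```python
# Minimum fixed FortiOS release per branch, as listed in the article.
FIXED_VERSIONS = {
    (6, 0): (6, 0, 17),
    (6, 2): (6, 2, 15),
    (6, 4): (6, 4, 13),
    (7, 0): (7, 0, 12),
    (7, 2): (7, 2, 5),
}


def parse_version(text: str) -> tuple:
    """Parse 'v7.0.11' or '7.0.11' into a comparable (major, minor, patch) tuple."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version: str, sslvpn_enabled: bool) -> str:
    """Classify one appliance as 'not-exposed', 'fixed', 'vulnerable' or 'unknown-branch'."""
    if not sslvpn_enabled:
        return "not-exposed"  # the bug is only reachable when SSL VPN is enabled
    major, minor, patch = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return "unknown-branch"  # branch not covered by the listed fixes; check the vendor advisory
    # Every build below the fixed release in its branch is affected.
    return "fixed" if (major, minor, patch) >= fixed else "vulnerable"


# Constructed sample inventory: (hostname, FortiOS version, SSL VPN enabled).
INVENTORY = [
    ("fw-edge-01", "v7.0.11", True),
    ("fw-edge-02", "v7.2.5", True),
    ("fw-lab-01", "v6.4.13", False),
    ("fw-dc-01", "v6.2.14", True),
]


def triage(inventory=INVENTORY) -> dict:
    """Return a hostname -> status map so exposed devices can be patched first."""
    return {host: assess(ver, vpn) for host, ver, vpn in inventory}


if __name__ == "__main__":
    for host, status in triage().items():
        print(f"{host}: {status}")
```

Devices reported as "vulnerable" should be patched to the listed fixed build; "unknown-branch" results mean the branch is not in the list above and need checking against the vendor advisory.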