Date: 12-06-2023 

Description

On Friday 9 June 2023, Fortinet released firmware updates for Fortinet SSL-VPN. These updates likely address a vulnerability tracked as CVE-2023-27997 [1], as reported by the researchers who found it. Their reports state that this is a high-severity vulnerability that can lead to remote code execution. Fortinet has yet to publish details and is expected to do so tomorrow (13 June 2023). Even though more detailed information is missing, Northwave would like to warn you and advise you on actions to take to mitigate the risk of the vulnerability.

 

Impact

Fortinet SSL-VPN is a service that runs on FortiGate firewalls and allows users to access a network remotely. By its nature, this service is publicly and remotely reachable. Information provided by the investigators leads to the conclusion that an unauthenticated attacker could exploit the vulnerability to execute arbitrary code remotely. Therefore, Northwave assesses the impact of this vulnerability to be high.

Based on the available reports, it seems all versions of Fortinet SSL-VPN are vulnerable. 

 

Risk

Because the vulnerability concerns arbitrary code execution by an attacker, the risk of exploitation is high. At the time of writing, there is no information on whether the vulnerability is being actively exploited.

 

What should you do?

This vulnerability is addressed in the following FortiOS firmware versions:

  • 6.0.17
  • 6.2.15
  • 6.4.13
  • 7.0.12
  • 7.2.5

We urge you to update any affected device as soon as possible. Once more information is published, attackers can use it to exploit the vulnerability. Refer to the Fortinet documentation on how to update your device [2].
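
One way to triage a device inventory against the fixed versions listed above (an added example, not Northwave's or Fortinet's code). The "hostname version" inventory format, the hostnames and the status names are assumptions made for illustration, and the check assumes that later releases in the same branch also contain the fix.

```python
import re

# Fixed FortiOS releases from the list above, keyed by (major, minor) branch.
FIXED = {(6, 0): 17, (6, 2): 15, (6, 4): 13, (7, 0): 12, (7, 2): 5}
# Accepts "7.0.11" or "v7.0.11", optionally followed by other text.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?![.\d])")

def classify(version_text):
    """Map a FortiOS version string to a triage status."""
    m = VERSION_RE.match(version_text.strip())
    if not m:
        return "unparsed"
    major, minor, patch = (int(g) for g in m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Branch has no fixed release in the advisory's list: check by hand.
        return "review"
    # Assumption: releases after the fixed one in a branch keep the fix.
    return "fixed" if patch >= fixed_patch else "upgrade"

def triage(lines):
    """Group hostnames by status from 'hostname version' inventory lines."""
    report = {"upgrade": [], "review": [], "unparsed": [], "fixed": []}
    for line in lines:
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        host, _, version = line.partition(" ")
        report[classify(version)].append(host)
    return report

# Constructed sample inventory (hostnames, versions and build are made up).
SAMPLE = """\
# hostname version
fw-ams-01 v7.0.11
fw-ams-02 7.0.12
fw-rtm-01 v7.2.4 build0000
fw-rtm-02 7.2.5
fw-lab-01 6.4.13
fw-old-01 5.6.14
fw-new-01 7.4.0
fw-dr-01 unknown
""".splitlines()

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Devices reported as "review" run a branch for which the list above names no fixed release, so they need a manual decision rather than an automatic pass.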

 

What will Northwave do?

At the moment, the vulnerability is mitigated by Fortinet in the latest updates. Vulnerability Management customers will be informed in case vulnerable systems are detected in their infrastructure. We will continue to monitor any developments regarding this vulnerability. If new critical information about this threat arises, we will reach out to you. You can call us by phone or send us an email if you would like additional information.

E-mail: soc@northwave.nl

Do you have an incident right now? Call our CERT number: 00800 – 1744 0000

Disclaimer applies, see below.

Sources:

[1]: https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-rce-flaw-in-fortigate-ssl-vpn-devices-patch-now/

[2]: https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/596131/upgrading-individual-device-firmware

Disclaimer

Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.