Fortinet has released a patch to fix a critical vulnerability (CVE-2023-27997) in its FortiOS and FortiProxy SSL-VPN, which may have been exploited in attacks targeting government, manufacturing, and critical infrastructure.
In a separate blog released by Fortinet, the security solution company clarifies, “At this time, we are not linking FG-IR-23-097 to the Volt Typhoon campaign. However, Fortinet expects all threat actors, including those behind the Volt Typhoon campaign, to continue exploiting unpatched vulnerabilities in widely used software and devices.”
A. Nature of Vulnerability
- A heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
B. Affected Product Version
|FortiOS-6K7K version 7.0.10|
|FortiOS-6K7K version 7.0.5|
|FortiOS-6K7K version 6.4.12|
|FortiOS-6K7K version 6.4.10|
|FortiOS-6K7K version 6.4.8|
|FortiOS-6K7K version 6.4.6|
|FortiOS-6K7K version 6.4.2|
|FortiOS-6K7K version 6.2.9 through 6.2.13|
|FortiOS-6K7K version 6.2.6 through 6.2.7|
|FortiOS-6K7K version 6.2.4|
|FortiOS-6K7K version 6.0.12 through 6.0.16|
|FortiOS-6K7K version 6.0.10|
|FortiProxy version 7.2.0 through 7.2.3|
|FortiProxy version 7.0.0 through 7.0.9|
|FortiProxy version 2.0.0 through 2.0.12|
|FortiProxy 1.2 all versions|
|FortiProxy 1.1 all versions|
|FortiOS version 7.2.0 through 7.2.4|
|FortiOS version 7.0.0 through 7.0.11|
|FortiOS version 6.4.0 through 6.4.12|
|FortiOS version 6.0.0 through 6.0.16|
C. Actions to be Taken
CERT-PH recommends the following actions be taken:
- CERT-PH encourages all Fortinet users to review and apply the necessary update to mitigate future threats.
- Regularly check and apply the latest patch of software, especially to public-facing applications.
- Proactively monitor and secure identified systems and devices for any suspicious/malicious activities.
- For additional information, kindly refer to the official report: