What is happening?
Fortinet issued an advisory for CVE-2023-27997 on June 12, 2023. The vulnerability affects the FortiOS and FortiProxy SSL-VPN.
How long has this been going on?
The advisory was initially released on June 12, 2023. There are increasing reports of this vulnerability being exploited, resulting in ransomware.
In addition, NIST announced that CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog.
Other industry articles:
300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug
Fortinet: New FortiOS RCE bug "may have been exploited" in attacks
What should I do?
Along with Fortinet, we strongly urge you to update your customer firewalls to a patched version immediately and to look for indicators of compromise on those firewalls. For more information on the IOCs from Fortinet, please refer to this article.
What versions of FortiOS are patched?
6.0.17
6.2.15
6.4.13
7.0.12
7.2.5
What Fortinet products are impacted?
FortiOS and FortiProxy SSL-VPN.
What versions are impacted?
FortiOS-6K7K version 7.0.10
FortiOS-6K7K version 7.0.5
FortiOS-6K7K version 6.4.12
FortiOS-6K7K version 6.4.10
FortiOS-6K7K version 6.4.8
FortiOS-6K7K version 6.4.6
FortiOS-6K7K version 6.4.2
FortiOS-6K7K version 6.2.9 through 6.2.13
FortiOS-6K7K version 6.2.6 through 6.2.7
FortiOS-6K7K version 6.2.4
FortiOS-6K7K version 6.0.12 through 6.0.16
FortiOS-6K7K version 6.0.10
FortiProxy version 7.2.0 through 7.2.3
FortiProxy version 7.0.0 through 7.0.9
FortiProxy version 2.0.0 through 2.0.12
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
FortiOS version 7.2.0 through 7.2.4
FortiOS version 7.0.0 through 7.0.11
FortiOS version 6.4.0 through 6.4.12
FortiOS version 6.2.0 through 6.2.13
FortiOS version 6.0.0 through 6.0.16
FortiSASE is no longer impacted; the issue was remediated in Q2/23.
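To apply the version lists above to a firewall inventory, the following added example (not code from Fortinet or from this article) classifies each device as affected, patched, or not covered by either list. It covers the FortiOS and FortiProxy ranges only, not the FortiOS-6K7K list; the function names, the accepted version-string format and the sample inventory are assumptions.

```python
import re

# Affected ranges copied from the list above: (major, minor) -> (lowest, highest) patch.
# A highest value of None means "all versions" of that branch.
AFFECTED = {
    "FortiOS": {(7, 2): (0, 4), (7, 0): (0, 11), (6, 4): (0, 12),
                (6, 2): (0, 13), (6, 0): (0, 16)},
    "FortiProxy": {(7, 2): (0, 3), (7, 0): (0, 9), (2, 0): (0, 12),
                   (1, 2): (0, None), (1, 1): (0, None)},
}
# Patched FortiOS releases from the list above; the article lists none for FortiProxy.
PATCHED = {"FortiOS": {(7, 2): 5, (7, 0): 12, (6, 4): 13, (6, 2): 15, (6, 0): 17}}

def parse_version(text):
    """Accept strings such as '7.0.11' or 'v7.0.11,build0000'; return (major, minor, patch)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def classify(product, version_text):
    """Return (status, target): status is 'affected', 'patched' or 'unlisted'."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    fix = PATCHED.get(product, {}).get(branch)
    target = f"{major}.{minor}.{fix}" if fix is not None else None
    rng = AFFECTED.get(product, {}).get(branch)
    if rng and patch >= rng[0] and (rng[1] is None or patch <= rng[1]):
        return "affected", target
    if fix is not None and patch >= fix:
        return "patched", None
    # Neither list covers this build (for example FortiOS 6.2.14): check the advisory.
    return "unlisted", target

def triage(inventory):
    """inventory: iterable of (host, product, version); return rows that need action."""
    rows = [(host, *classify(product, version)) for host, product, version in inventory]
    return [row for row in rows if row[1] != "patched"]

# Constructed sample inventory; hostnames and build numbers are made up.
SAMPLE = [
    ("fw-site-a", "FortiOS", "v7.2.4,build0000"),
    ("fw-site-b", "FortiOS", "7.0.12"),
    ("fw-site-c", "FortiOS", "6.2.14"),
    ("proxy-hq", "FortiProxy", "2.0.12"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Devices reported as "unlisted" fall between the two lists in this article and should be checked against Fortinet's advisory rather than assumed safe.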
What mitigation steps are available?
Per Fortinet's advisory, there are no workarounds or mitigations other than disabling VPN. If you require VPN to be enabled in your customer environments, upgrading to the current patched version is the only suggested course of action.