Fortinet on Monday disclosed that a recently patched critical vulnerability affecting FortiOS and FortiProxy may have been “exploited in a number of cases” in attacks targeting the government, manufacturing and critical infrastructure sectors.
That vulnerabilitytracked as CVE-2023-27997 (CVSS score: 9.2), concerns a stack-based buffer overflow a vulnerability in FortiOS and FortiProxy SSL-VPN that allowed a remote attacker to execute arbitrary code or commands via specially crafted requests.
LEXFO security researchers Charles Fol and Dany Bach have been credited with finding and reporting the flaw. It was addressed by Fortinet on June 9, 2023 in the following versions –
- FortiOS-6K7K version 7.0.12 or higher
- FortiOS-6K7K version 6.4.13 or higher
- FortiOS-6K7K version 6.2.15 or higher
- FortiOS-6K7K version 6.0.17 or higher
- FortiProxy version 7.2.4 or higher
- FortiProxy version 7.0.10 or higher
- FortiProxy version 2.0.13 or higher
- FortiOS version 7.4.0 or higher
- FortiOS version 7.2.5 or higher
- FortiOS version 7.0.12 or higher
- FortiOS version 6.4.13 or higher
- FortiOS version 6.2.14 or higher, and
- FortiOS version 6.0.17 or higher
Company, in a independent disclosuresays this issue was simultaneously discovered during a carefully initiated code audit following active exploitation of a similar flaw in SSL-VPN products (CVE-2022-42475, CVSS score: 9.3) in December 2022.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover untapped vulnerabilities in your API ecosystem and take proactive steps towards tight security. Join our insightful webinar!
Fortinet further said it was not linking the exploit event at this stage to a Chinese state-sponsored actor codenamed Volt Typhoon, which was disclosed by Microsoft last month as exploiting an unknown zero-day flaw in Fortinet FortiGuard internet-facing devices to gain early access. . to target the environment.
However, it noted that it “expects all threat actors, including those behind the Volt Typhoon campaign, to continue to exploit unpatched vulnerabilities in widely used software and devices.”
Due to active in-the-wild abuse, the company recommends that customers take immediate action to update to the latest firmware version to avoid potential risks.
“Fortinet is continuously monitoring the situation and proactively communicating with customers, strongly urging them to promptly follow the guidance provided to mitigate the vulnerabilities using either the provided solutions or with upgrades,” the company told The Hacker News.