
They say that the vulnerability is critical, affects Fortigate firewall’s SSL VPN functionality, and may allow an attacker to “interfere via the VPN, even if MFA is activated.” According to Olympe Cyberdefense, Fortinet will be releasing more details on J(Tuesday). The exact nature of the vulnerability is currently (publicly) unknown.

The vulnerability has been fixed in FortiOS versions 7.2.5, 7.0.12, 6.4.13, 6.2.15 and, apparently, also in v6.0.17 (even though Fortinet officially stopped supporting the 6.0 branch last year). Enterprise admins are advised to upgrade Fortigate devices as soon as possible – if the vulnerability is not already being exploited by attackers, it’s likely that it will be soon.

Fortinet has released several versions of FortiOS, the OS/firmware powering its Fortigate firewalls and other devices, without mentioning that they include a fix for CVE-2023-27997, a remote code execution (RCE) flaw that does not require the attacker to be logged in to exploit it.
