Login

CVE-2023-27997

Cyber Security Alert: Fortigate Vulnerability

please add an image

Fortinet has rolled out an updated version of FortiOS/FortiProxy, to address a severe SSL-VPN component vulnerability.

Threat Name: CVE-2023-27997

Risk Factor: Critical

Date: June 2023

Get Help Now

Solace Cyber security specialists can secure your estate with patching and conduct forensic analysis

BOOK A CALL

What we know about the Fortigate – SSL VPN vulnerability

The vulnerability, which is tracked as CVE-2023-27997 is a pre-authentication remote code execution vulnerability, which if left unpatched, could lead to critical organisational risk.

The SSL-VPN vulnerability would allow an attacker with zero credentials to execute arbitrary code during the pre-authentication stage. This means, the attacker could circumnavigate MFA.

Which OS versions are affected by the vulnerability?

  • FortiOS-6K7K version 7.0.10
  • FortiOS-6K7K version 7.0.5
  • FortiOS-6K7K version 6.4.12
  • FortiOS-6K7K version 6.4.10
  • FortiOS-6K7K version 6.4.8
  • FortiOS-6K7K version 6.4.6
  • FortiOS-6K7K version 6.4.2
  • FortiOS-6K7K version 6.2.9 – 6.2.13
  • FortiOS-6K7K version 6.2.6 – 6.2.7
  • FortiOS-6K7K version 6.2.4
  • FortiOS-6K7K version 6.0.12 – 6.0.16
  • FortiOS-6K7K version 6.0.10
  • FortiProxy version 7.2.0 – 7.2.3
  • FortiProxy version 7.0.0 – 7.0.9
  • FortiProxy version 2.0.0 – 2.0.12
  • FortiProxy 1.2 all versions
  • FortiProxy 1.1 all versions
  • FortiOS version 7.2.0 – 7.2.4
  • FortiOS version 7.0.0 – 7.0.11
  • FortiOS version 6.4.0 – 6.4.12
  • FortiOS version 6.0.0 – 6.0.16

Solace Cyber recommendations

The disclosure of this vulnerability would likely assist adversaries in leveraging it, so its highly recommended that patches are applied before further exploitation of the vulnerability takes place.


Above all, we strongly advise you to apply updates to the following applications:

  • FortiOS-6K7K version 7.0.12 or above
  • FortiOS-6K7K version 6.4.13 or above
  • FortiOS-6K7K version 6.2.15 or above
  • FortiOS-6K7K version 6.0.17 or above
  • FortiProxy version 7.2.4 or above
  • FortiProxy version 7.0.10 or above
  • FortiProxy version 2.0.13 or above
  • FortiOS version 7.4.0 or above
  • FortiOS version 7.2.5 or above
  • FortiOS version 7.0.12 or above
  • FortiOS version 6.4.13 or above
  • FortiOS version 6.2.14 or above
  • FortiOS version 6.0.17 or above

Solace Cyber can support your efforts in upgrading to the latest software versions. Additionally, our cyber security specialists can conduct forensic analysis to detect and determine the cause of a security incident and support recovery plans.

Get help with a VPN vulnerability

Solace Cyber offers expert assistance in managing a VPN exploitation.