THREAT ALERT

Vulnerability – Fortinet Releases Security Updates for FortiOS and FortiProxy

Monday, June 12th, 2023


Summary

On June 12, 2023, a critical Remote Code Execution (RCE) vulnerability was discovered in Fortinet’s popular FortiGate firewalls, posing a significant security risk for organizations relying on these devices for network protection. The flaw could allow malicious actors to execute arbitrary code on affected FortiGate firewalls. Fortinet has issued an urgent security alert, urging users to take immediate action to mitigate the risk and protect their networks from potential exploitation.

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

Exploitation

Remote Code Execution vulnerabilities are considered highly severe because they enable unauthorized individuals to execute arbitrary commands or code remotely. In the case of this newly discovered flaw, it allows attackers to exploit the vulnerability in FortiGate firewalls and potentially gain control over the affected devices. Once compromised, an attacker could execute malicious code, access sensitive data, or launch further attacks within the network.

CISA and Fortinet’s Response and Security Recommendations

Fortinet has released security updates to address a heap-based buffer overflow vulnerability (CVE-2023-27997) in FortiOS and FortiProxy. An attacker could exploit this vulnerability to take control of an affected system.

Upon discovering the RCE flaw, Fortinet acted swiftly to address the issue and protect its customers. The company has released an emergency security advisory highlighting the critical nature of the vulnerability and providing guidance on remediation. Organizations using FortiGate firewalls are strongly advised to follow these recommendations:

Affected Products

  • FortiOS-6K7K version 7.0.10
  • FortiOS-6K7K version 7.0.5
  • FortiOS-6K7K version 6.4.12
  • FortiOS-6K7K version 6.4.10
  • FortiOS-6K7K version 6.4.8
  • FortiOS-6K7K version 6.4.6
  • FortiOS-6K7K version 6.4.2
  • FortiOS-6K7K version 6.2.9 through 6.2.13
  • FortiOS-6K7K version 6.2.6 through 6.2.7
  • FortiOS-6K7K version 6.2.4
  • FortiOS-6K7K version 6.0.12 through 6.0.16
  • FortiOS-6K7K version 6.0.10
  • At least
  • FortiProxy version 7.2.0 through 7.2.3
  • FortiProxy version 7.0.0 through 7.0.9
  • FortiProxy version 2.0.0 through 2.0.12
  • FortiProxy 1.2 all versions
  • FortiProxy 1.1 all versions
  • At least
  • FortiOS version 7.2.0 through 7.2.4
  • FortiOS version 7.0.0 through 7.0.11
  • FortiOS version 6.4.0 through 6.4.12
  • FortiOS version 6.0.0 through 6.0.16
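The list above can be checked against a device inventory. The following is an added example, not code from DefenseStorm or Fortinet: the ranges are transcribed from this page's list, while the function names, the inventory format and the sample rows are assumptions made for illustration.

```python
import re

# Affected versions transcribed from this page's "Affected Products" list as inclusive
# (low, high) pairs; a two-part bound such as "1.2" means "all versions" of that branch.
AFFECTED = {
    "FortiOS": [("7.2.0", "7.2.4"), ("7.0.0", "7.0.11"),
                ("6.4.0", "6.4.12"), ("6.0.0", "6.0.16")],
    "FortiProxy": [("7.2.0", "7.2.3"), ("7.0.0", "7.0.9"),
                   ("2.0.0", "2.0.12"), ("1.2", "1.2"), ("1.1", "1.1")],
    "FortiOS-6K7K": [("7.0.10", "7.0.10"), ("7.0.5", "7.0.5"),
                     ("6.4.12", "6.4.12"), ("6.4.10", "6.4.10"),
                     ("6.4.8", "6.4.8"), ("6.4.6", "6.4.6"), ("6.4.2", "6.4.2"),
                     ("6.2.9", "6.2.13"), ("6.2.6", "6.2.7"), ("6.2.4", "6.2.4"),
                     ("6.0.12", "6.0.16"), ("6.0.10", "6.0.10")],
}

def parse_version(text):
    """Return (major, minor, patch) from strings like 'v7.0.11', else None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(product, version_text):
    """True/False against the page's list; None if product or version is unknown."""
    ranges = AFFECTED.get(product)
    version = parse_version(version_text)
    if ranges is None or version is None:
        return None
    for bounds in ranges:
        lo, hi = (tuple(map(int, b.split("."))) for b in bounds)
        # Truncate the version to the bound's length so "1.2" matches 1.2.x.
        if lo <= version[:len(lo)] and version[:len(hi)] <= hi:
            return True
    return False

def triage(inventory):
    """Sort (hostname, product, version) rows into listed / not_listed / unknown."""
    result = {"listed": [], "not_listed": [], "unknown": []}
    for host, product, version_text in inventory:
        verdict = is_affected(product, version_text)
        key = "unknown" if verdict is None else ("listed" if verdict else "not_listed")
        result[key].append(host)
    return result

# Constructed inventory rows; hostnames and versions are made up for this example.
SAMPLE_INVENTORY = [
    ("fw-hq-01", "FortiOS", "v7.2.4"), ("fw-branch-02", "FortiOS", "v7.2.5"),
    ("proxy-01", "FortiProxy", "1.2.13"), ("chassis-01", "FortiOS-6K7K", "6.4.9"),
    ("fw-lab-03", "FortiOS", "unknown")]
print(triage(SAMPLE_INVENTORY))
```

Because the list on this page is qualified with "At least", a `not_listed` result only means the version does not appear above; rows in `unknown` need a manual check.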

DefenseStorm Recommendations

Continuous research is being conducted for all newly discovered or recurring malware and ransomware.

As always, DefenseStorm recommends the following practices to help secure your environment:

  • Keep all systems and software updated to the latest patched versions to best protect against all known security vulnerabilities.
  • Maintain a strong password policy.
  • Enable multi-factor authentication where possible.
  • Regularly back up data, air gap, and password protect backup copies offline.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.
  • User app hardening.
  • Restrict administrative privileges.

Additional Resources

If your organization utilizes a Fortinet appliance, DefenseStorm recommends reviewing the below resource and applying all appropriate patches: Fortinet Releases Security Updates for FortiOS and FortiProxy

Sources:

  1. hxxps://www.fortiguard.com/psirt-monthly-advisory/june-2023-vulnerability-advisories
  2. hxxps://www.cisa.gov/news-events/alerts/2023/06/13/fortinet-releases-june-2023-vulnerability-advisories

Diana Rodriguez

Cyber Threat Intelligence Engineer

Diana Rodriguez is a Cyber Threat Intelligence Engineer for DefenseStorm. She joined DefenseStorm in 2019 with 9.5 years of experience in cybersecurity and banking. Diana’s career began at Wells Fargo, where she played a pivotal role in protecting financial institutions. Over her 5 years with Wells Fargo, she held diverse positions, starting as a teller, then becoming a financial crime analyst, and eventually a cyber security analyst. This experience provided her with a comprehensive understanding of the intricacies of the banking industry and the critical importance of cybersecurity in protecting sensitive data. Diana holds a Bachelor’s degree in computer science from UNCC and a Master’s Degree in Cybersecurity from UNC at Chapel Hill. She completed the MITRE ATT&CK® Defender certifications, which provided her with the expertise to effectively apply knowledge of adversary behaviors, enhancing security configurations, analytics, and decision-making to provide the utmost protection for DefenseStorm’s clients. Diana also holds the GIAC Certified Incident Handler, NSE1, and NSE2 certifications. During her tenure at DefenseStorm, she has become proficient in the platform, taking an active role in proactively detecting and responding to cyber threats. She has played a vital role in developing new policies and advanced analytics to detect and prevent potential attacks effectively while educating and empowering customers to optimize the DefenseStorm services to fortify their security measures.