THREAT ALERT
Monday, June 12th, 2023
On June 12, 2023, a critical Remote Code Execution (RCE) vulnerability was discovered in Fortinet’s popular FortiGate firewalls, posing a significant security risk for organizations relying on these devices for network protection. The vulnerability, identified as a critical flaw, could potentially allow malicious actors to execute arbitrary code on affected FortiGate firewalls.
Summary
On June 12, 2023, a critical Remote Code Execution (RCE) vulnerability was discovered in Fortinet’s popular FortiGate firewalls, posing a significant security risk for organizations relying on these devices for network protection. The vulnerability, identified as a critical flaw, could potentially allow malicious actors to execute arbitrary code on affected FortiGate firewalls. Fortinet has issued an urgent security alert, urging users to take immediate action to mitigate the risk and protect their networks from potential exploitation.
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
Exploitation
Remote Code Execution vulnerabilities are considered highly severe because they enable unauthorized individuals to execute arbitrary commands or code remotely. In the case of this newly discovered flaw, it allows attackers to exploit the vulnerability in FortiGate firewalls and potentially gain control over the affected devices. Once compromised, an attacker could execute malicious code, access sensitive data, or launch further attacks within the network.
CISA and Fortinet’s Response and Security Recommendations
Fortinet has released security updates to address a heap-based buffer overflow vulnerability CVE-2023-27997 in FortiOS and FortiProxy. An attacker could exploit this vulnerability to take control of an affected system.
Upon discovering the RCE flaw, Fortinet acted swiftly to address the issue and protect its customers. The company has released an emergency security advisory highlighting the critical nature of the vulnerability and providing guidance on remediation. Organizations using FortiGate firewalls are strongly advised to follow these recommendations:
Affected Products
DefenseStorm Recommendations
Continuous research is being conducted for all newly discovered or recurring malware and ransomware.
As always, DefenseStorm recommends the following practices to help secure your environment:
Additional Resources
If your organization utilizes a Fortinet appliance, DefenseStorm recommends reviewing the below resource and applying all appropriate patches: Fortinet Releases Security Updates for FortiOS and FortiProxy
Sources: