Over 338K FortiGate firewalls remain unpatched to critical bug

Ryan Daws is a senior editor at TechForge Media with over a decade of experience in crafting compelling narratives and making complex topics accessible. His articles and interviews with industry leaders have earned him recognition as a key influencer by organisations like Onalytica. Under his leadership, publications have been praised by analyst firms such as Forrester for their excellence and performance. Connect with him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)

A critical vulnerability in FortiGate firewalls, known as CVE-2023-27997, has left more than 338,000 devices exposed to potential exploitation.

The flaw, which allows for remote code execution, was patched by Fortinet last month, but a significant number of devices have yet to be updated.

Infosec company Bishop Fox has even developed an example exploit to demonstrate the severity of the vulnerability.

Rated 9.8 out of 10 in terms of CVSS severity, the heap-based buffer overflow vulnerability affects FortiOS and FortiProxy devices with SSL-VPN enabled.

The flaw enables attackers to achieve remote code execution and take control of the network equipment. Bishop Fox has warned users to take immediate action and patch their devices.

Despite Fortinet’s release of firmware updates, and the company’s urging of customers to take immediate action, a significant number of devices remain unpatched.

Bishop Fox conducted searches using Shodan.io and discovered almost 490,000 Fortinet SSL-VPN interfaces exposed on the internet. Shockingly, approximately 69 percent (338,100) of these devices were found to be unpatched.

Example exploit

Bishop Fox shared an example exploit for CVE-2023-27997, showcasing the severity of the vulnerability.

The exploit involves smashing the heap, establishing a connection to an attacker-controlled server, downloading a BusyBox binary, and opening an interactive shell.

The Bishop Fox team reported achieving a “significantly faster” exploit compared to an earlier one developed by Lexfo, an independent French security firm.

The vulnerability was initially discovered and privately disclosed to Fortinet by Charles Fol and Dany Bach from Lexfo.

Fortinet released patches on June 8 and Lexfo subsequently provided details of the flaw and the exploit process on June 13.

CVE-2023-27997 poses a significant risk to network security. With over 338,000 devices still unpatched, the potential for exploitation is alarming. Fortinet users are strongly urged to update their firmware immediately to protect their systems from remote code execution attacks.

(Photo by FLY:D on Unsplash)

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The event is co-located with Digital Transformation Week.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *