Fortinet has recently released firmware updates for its Fortigate devices, addressing a critical remote code execution (RCE) vulnerability in SSL VPN devices. Fortinet avoided raising eyebrows by quietly including the latest FortiOS firmware versions, which include 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5.
Although not explicitly mentioned in the release notes, cybersecurity professionals and administrators have hinted that these updates address a critical SSL-VPN RCE vulnerability scheduled for disclosure on June 13, 2023.
French cybersecurity firm Olympe Cyberdefense has highlighted that the flaw could enable malicious agents to interfere via the VPN, even when activated by multi-factor authentication (MFA).
“The flaw would allow a hostile agent to interfere via the VPN, even if the MFA is activated. To date, all versions would be affected; we are waiting for the release of the CVE on June 13, 2023, to confirm this information.”
Furthermore, additional information regarding the vulnerability got disclosed by vulnerability researchers from Lexfo Security. Charles Fol and Rioru reported the RCE vulnerability (CVE-2023-27997), now patched in the new FortiOS updates. Fol emphasized the urgency of applying the patch, as threat actors will likely analyze and exploit the vulnerability soon.
Fortinet’s tradition is to release security patches before publicly disclosing critical vulnerabilities, allowing customers to update their devices before potential exploitation by threat actors. Fortigate devices are widely used for firewalls and VPNs, making them attractive attack targets. A Shodan search reveals that over 250,000 Fortigate firewalls are accessible over the Internet, with many potentially exposed to the vulnerability.
In the past, threat actors have quickly exploited SSL-VPN flaws, often leading to data theft and ransomware attacks shortly after the release of patches.
As a result, administrators got strongly advised to promptly apply the Fortinet security updates as soon as they become available.
Aside from these known details about the situation, Fortinet has yet to give anyone more insight into the problem, but they intend to do so soon.
