- Vulnerability/
- CVE-2023-27997
12/6/2023
13/6/2023
13/6/2023
23/10/2024
CVE-2023-27997: Heap buffer overflow in sslvpn pre-authentication
First published: Mon Jun 12 2023(Updated: )
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. ## Workaround: Disable SSL-VPN.
Credit: psirt@fortinet.com psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiProxy | >=1.1.0<=1.1.6 | |
| Fortinet FortiProxy | >=1.2.0<=1.2.13 | |
| Fortinet FortiProxy | >=2.0.0<=2.0.12 | |
| Fortinet FortiProxy | >=7.0.0<=7.0.9 | |
| Fortinet FortiProxy | >=7.2.0<=7.2.3 | |
| Fortinet FortiOS | >=6.0.0<=6.0.16 | |
| Fortinet FortiOS | >=6.2.0<=6.2.13 | |
| Fortinet FortiOS | >=6.4.0<=6.4.12 | |
| Fortinet FortiOS | >=7.0.0<=7.0.11 | |
| Fortinet FortiOS | >=7.2.0<=7.2.4 | |
| All of | ||
| Any of | ||
| Fortinet FortiOS | >=6.0.12<=6.0.16 | |
| Fortinet FortiOS | >=6.2.9<=6.2.13 | |
| Fortinet FortiOS | =6.0.10 | |
| Fortinet FortiOS | =6.2.4 | |
| Fortinet FortiOS | =6.2.6 | |
| Fortinet FortiOS | =6.2.7 | |
| Fortinet FortiOS | =6.4.2 | |
| Fortinet FortiOS | =6.4.6 | |
| Fortinet FortiOS | =6.4.8 | |
| Fortinet FortiOS | =6.4.10 | |
| Fortinet FortiOS | =6.4.12 | |
| Fortinet FortiOS | =7.0.5 | |
| Fortinet FortiOS | =7.0.10 | |
| Any of | ||
| Fortinet Fortigate 6000 | ||
| Fortinet Fortigate 7000 | ||
| Fortinet FortiOS and FortiProxy SSL-VPN | ||
| Fortinet FortiOS-6K7K | >=6.2.10<=6.2.13 | |
| Fortinet FortiOS-6K7K | =6.0.10 | |
| Fortinet FortiOS-6K7K | =6.0.12 | |
| Fortinet FortiOS-6K7K | =6.0.13 | |
| Fortinet FortiOS-6K7K | =6.0.14 | |
| Fortinet FortiOS-6K7K | =6.0.15 | |
| Fortinet FortiOS-6K7K | =6.0.16 | |
| Fortinet FortiOS-6K7K | =6.2.4 | |
| Fortinet FortiOS-6K7K | =6.2.6 | |
| Fortinet FortiOS-6K7K | =6.2.7 | |
| Fortinet FortiOS-6K7K | =6.2.9 | |
| Fortinet FortiOS-6K7K | =6.4.2 | |
| Fortinet FortiOS-6K7K | =6.4.6 | |
| Fortinet FortiOS-6K7K | =6.4.8 | |
| Fortinet FortiOS-6K7K | =6.4.10 | |
| Fortinet FortiOS-6K7K | =6.4.12 | |
| Fortinet FortiOS-6K7K | =7.0.5 | |
| Fortinet FortiOS-6K7K | =7.0.10 |
Remedy
Please upgrade to FortiOS-6K7K version 7.0.12 or above Please upgrade to FortiOS-6K7K version 6.4.13 or above Please upgrade to FortiOS-6K7K version 6.2.15 or above Please upgrade to FortiOS-6K7K version 6.0.17 or above Please upgrade to FortiProxy version 7.2.4 or above Please upgrade to FortiProxy version 7.0.10 or above Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiOS version 6.2.14 or above Please upgrade to FortiOS version 6.0.17 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/new-fortinet-rce-bug-is-actively-exploited-cisa-confirms/
- https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-bug-in-endpoint-management-software/
- https://www.theregister.com/2024/03/18/more_than_133000_fortinet_appliances/
- https://fortiguard.com/psirt/FG-IR-23-097
- https://www.fortiguard.com/psirt/cvrf/FG-IR-23-097
- https://www.fortiguard.com/psirt/FG-IR-23-097
- https://www.bleepingcomputer.com/news/security/exploit-released-for-maximum-severity-fortinet-rce-bug-patch-now/
- https://www.fortiguard.com/psirt/FG-IR-23-097;
- https://nvd.nist.gov/vuln/detail/CVE-2023-27997
- https://www.bleepingcomputer.com/news/security/google-70-percent-of-exploited-flaws-disclosed-in-2023-were-zero-days/
- https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-fortimanager-flaw-used-in-zero-day-attacks/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- agent/type
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-21762
- alias/CVE-2024-23108
- alias/CVE-2024-23109
- alias/CVE-2023-34992
- alias/CVE-2022-42475
- alias/CVE-2023-27997
- agent/severity
- agent/first-publish-date
- alias/CVE-2023-48788
- alias/CVE-2023-42789
- alias/CVE-2023-36554
- alias/CVE-2023-47534
- collector/the-register
- source/The Register
- alias/CVE-2022-40684
- zeroday/true
- agent/news-ai
- agent/title
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/fortiguard-psirt
- source/FortiGuard
- agent/description
- alias/FG-IR-23-130
- agent/author
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/remedy
- agent/softwarecombine
- collector/nvd-cve
- alias/CVE-2023-28121
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- alias/CVE-2024-47575
- alias/FG-IR-24-423
- agent/references
- agent/tags
- agent/event
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- vendor/fortinet
- canonical/fortinet fortios-6k7k
- version/fortinet fortios-6k7k/6.2.10
- version/fortinet fortios-6k7k/6.2.13
- version/fortinet fortios-6k7k/6.0.10
- version/fortinet fortios-6k7k/6.0.12
- version/fortinet fortios-6k7k/6.0.13
- version/fortinet fortios-6k7k/6.0.14
- version/fortinet fortios-6k7k/6.0.15
- version/fortinet fortios-6k7k/6.0.16
- version/fortinet fortios-6k7k/6.2.4
- version/fortinet fortios-6k7k/6.2.6
- version/fortinet fortios-6k7k/6.2.7
- version/fortinet fortios-6k7k/6.2.9
- version/fortinet fortios-6k7k/6.4.2
- version/fortinet fortios-6k7k/6.4.6
- version/fortinet fortios-6k7k/6.4.8
- version/fortinet fortios-6k7k/6.4.10
- version/fortinet fortios-6k7k/6.4.12
- version/fortinet fortios-6k7k/7.0.5
- version/fortinet fortios-6k7k/7.0.10
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.1.0
- version/fortinet fortiproxy/1.1.6
- version/fortinet fortiproxy/1.2.0
- version/fortinet fortiproxy/1.2.13
- version/fortinet fortiproxy/2.0.0
- version/fortinet fortiproxy/2.0.12
- version/fortinet fortiproxy/7.0.0
- version/fortinet fortiproxy/7.0.9
- version/fortinet fortiproxy/7.2.0
- version/fortinet fortiproxy/7.2.3
- canonical/fortinet fortios
- version/fortinet fortios/6.0.0
- version/fortinet fortios/6.0.16
- version/fortinet fortios/6.2.0
- version/fortinet fortios/6.2.13
- version/fortinet fortios/6.4.0
- version/fortinet fortios/6.4.12
- version/fortinet fortios/7.0.0
- version/fortinet fortios/7.0.11
- version/fortinet fortios/7.2.0
- version/fortinet fortios/7.2.4
- version/fortinet fortios/6.0.12
- version/fortinet fortios/6.2.9
- version/fortinet fortios/6.0.10
- version/fortinet fortios/6.2.4
- version/fortinet fortios/6.2.6
- version/fortinet fortios/6.2.7
- version/fortinet fortios/6.4.2
- version/fortinet fortios/6.4.6
- version/fortinet fortios/6.4.8
- version/fortinet fortios/6.4.10
- version/fortinet fortios/7.0.5
- version/fortinet fortios/7.0.10
- canonical/fortinet fortigate 6000
- canonical/fortinet fortigate 7000
- canonical/fortinet fortios and fortiproxy ssl-vpn