Monday, Fortinet released CVE-2023-27997.  Fortinet users with SSL VPN enabled should be aware of a critical vulnerability that could compromise network security. CVE-2023-27997 is a heap-based buffer overflow bug that allows unauthenticated, remote attackers to execute arbitrary code or commands via specially crafted requests. An attacker could potentially take over your device, access your data, or launch attacks on your network.

The vulnerability affects FortiOS with SSL VPN enabled, and it has been assigned a CVSS score of 9.8 out of 10, indicating a high level of severity. Fortinet PSIRT discovered the vulnerability during a code audit and by a third-party researcher who reported it responsibly. Fortinet has published a PSIRT advisory and released firmware updates to address the issue.

The best way to protect your devices from this vulnerability is to apply the firmware updates as soon as possible. You can find the list of affected versions and the corresponding patches in the PSIRT advisory here. If you cannot update your firmware immediately, you should disable SSL VPN until you can. You should also monitor your devices for signs of compromise, such as unusual network activity, unauthorized accounts, or modified files.

Secure Cyber Defense Managed Network Clients have been contacted, and remediations are underway.  Our Managed Network service helps clients protect their networks from cyber threats like Volt Typhoon and provides 24/7 monitoring.  With Secure Cyber Defense, clients can reduce the risk of data breaches, improve their overall cybersecurity posture, and focus on their core business. 

If cybersecurity gaps are keeping you up at night, we can help.  Contact Kyle Zech for more information.  

Chad Robinson 

CISO/VP of Advisory  

Secure Cyber Defense