Update 6/11/23: Fortinet statement added below.
Fortinet has released new FortiGate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices.
The security fixes were released on Friday in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5.
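A defender's first question on reading the version list above is which of their own units are still below the fixed release for their branch. The following is an added example (not Fortinet tooling or code from the article) that encodes the five fixed versions the article names and triages an inventory against them; the hostnames and versions in the sample inventory are constructed, and it is assumed that a branch not in the list (for example 7.4.x) should be reported as unknown rather than guessed at, since the article gives no fixed version for it.

```python
"""Triage FortiOS versions against the fixed releases named in the article.

Added example: FIXED_VERSIONS holds the five fixed builds the article lists
(6.0.17, 6.2.15, 6.4.13, 7.0.12, 7.2.5); everything else here is illustrative.
"""
import re

# Fixed FortiOS release per (major, minor) branch, as stated in the article.
FIXED_VERSIONS = {
    (6, 0): (6, 0, 17),
    (6, 2): (6, 2, 15),
    (6, 4): (6, 4, 13),
    (7, 0): (7, 0, 12),
    (7, 2): (7, 2, 5),
}

# Matches the first dotted triple, so both a bare "7.0.11" and a longer
# string such as "FortiGate-60F v7.0.12,build0523,230424 (GA)" (the shape of
# the Version line printed by the FortiOS CLI command "get system status") work.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a FortiOS version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def patch_status(version_text):
    """Classify one device: 'patched', 'vulnerable', or 'unknown-branch'.

    'unknown-branch' is deliberate: the article lists no fixed version for
    other branches, so the script refuses to guess either way.
    """
    major, minor, patch = parse_version(version_text)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return "unknown-branch"
    return "patched" if (major, minor, patch) >= fixed else "vulnerable"


def triage(inventory):
    """Group {hostname: version_string} into a worklist keyed by status."""
    worklist = {"patched": [], "vulnerable": [], "unknown-branch": []}
    for host, version_text in sorted(inventory.items()):
        worklist[patch_status(version_text)].append(host)
    return worklist


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "fw-edge-01": "7.0.11",
    "fw-edge-02": "FortiGate-60F v7.0.12,build0523,230424 (GA)",
    "fw-branch-a": "6.4.12,build2571",
    "fw-branch-b": "7.2.5",
    "fw-lab": "7.4.0",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Feed it the `Version:` line collected from each firewall and act on the `vulnerable` list first; anything in `unknown-branch` needs a manual check against the vendor advisory once it is published.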
While not mentioned in the release notes, security professionals and admins have hinted that the updates quietly fixed a critical SSL-VPN RCE vulnerability that will be disclosed on Tuesday, June 13th, 2023.
“The flaw would allow a hostile agent to interfere via the VPN, even if the MFA is activated,” reads an advisory from French cybersecurity firm Olympe Cyberdefense.
“So far, all versions would be affected, we are waiting for the release of the CVE on June 13, 2023 to confirm this information.”
Fortinet is known to push out security patches prior to disclosing critical vulnerabilities to give customers time to update their devices before threat actors reverse engineer the patches.
Today, additional information was disclosed by Lexfo Security vulnerability researcher Charles Fol, who told BleepingComputer that the new FortiOS updates include a fix for a critical RCE vulnerability discovered by him and Rioru.
“Fortinet published a patch for CVE-2023-27997, the Remote Code Execution vulnerability @DDXhunter and I reported,” reads a tweet by Fol.
“This is reachable pre-authentication, on every SSL VPN appliance. Patch your Fortigate. Details at a later time. #xortigate.”
Fol confirmed to BleepingComputer that this should be considered an urgent patch for Fortinet admins, as it is likely to be quickly analyzed and discovered by threat actors.
Fortinet devices are among the most popular firewall and VPN devices on the market, making them a popular target for attacks.
Per a Shodan search, over 250,000 Fortigate firewalls can be reached from the Internet, and as this bug affects all previous versions, the majority are likely exposed.
In the past, SSL-VPN flaws have been exploited by threat actors just days after patches are released, commonly to gain initial access to networks to conduct data theft and ransomware attacks.
Therefore, admins should apply Fortinet security updates as soon as they become available.
BleepingComputer has contacted Fortinet to learn more about the updates, but a reply was not immediately available.
Update 6/11/23 8:35 PM ET: Fortinet shared the following statement with BleepingComputer after being contacted about whether the bug was exploited.
“Timely and ongoing communications with our customers is a key component in our efforts to best protect and secure their organization. There are instances where confidential advance customer communications can include early warning on Advisories to enable customers to further strengthen their security posture, prior to the Advisory being publicly released to a broader audience. This process follows best practices for responsible disclosure to ensure our customers have the timely information they need to help them make informed risk-based decisions. For more on Fortinet’s responsible disclosure process, visit the Fortinet Product Security Incident Response Team (PSIRT) page: https://www.fortiguard.com/psirt_policy.”