AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Fortinet releases patches to fix a serious vulnerability in FortiGate firewalls

Critical vulnerability CVE-2023-27997 discovered by a Lexfo researcher could allow remote code execution if exploited by a threat actor

This pill is also available in Italian language

Fortinet has released a series of patches to fix a critical security vulnerability in its FortiGate firewalls. The aforementioned vulnerability could be exploited by a threat actor to remotely execute code. Lexfo security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend that the vulnerability, tracked as CVE-2023-27997, is "reachable pre-authentication, on any VPN appliance SSL".

Vulnerability details not yet released

At this time, no details about the security vulnerability have been released and Fortinet has yet to release an advisory, although the network security firm is expected to release more details in the coming days. However, French cybersecurity firm Olympe Cyberdefense said in an independent advisory that the issue has been resolved in versions 6.2.15, 6.4.13, 7.0.12 and 7.2.5.

Potential threat and need for quick fixes

The French company also highlighted that "the flaw would allow a hostile agent to interfere via the VPN, even if multi-factor authentication is activated". Considering that Fortinet flaws have proven to be a lucrative attack vector for threat actors in recent years, users are strongly advised to apply fixes as soon as possible to mitigate potential risks. This advisory comes as Cisco and VMware have also released updates to address critical vulnerabilities that could lead to privilege escalation and code execution.

Fortinet statement and responsible disclosure practices

Following the publication of the news, Fortinet shared the following statement: “Timely and ongoing communication with our customers is a key element in our efforts to better protect and secure their organization. There are instances where advanced confidential communications with customers can include an early warning on advisories to allow customers to further strengthen their security posture, before the advisory is publicly released to a wider audience.This process follows best practices for responsible disclosure to ensure that Our customers have the timely information they need to help them make informed risk-based decisions."

Follow us on Google News for more pills like this

06/12/2023 08:14

Editorial AI

Last pills

Serious vulnerability discovered in Rabbit R1: all user data at riskVulnerability in Rabbit R1 exposes sensitive API keys. What are the privacy risks?

Cyber attack in Indonesia: the new Brain Cipher ransomware brings services to their kneesNew ransomware hits Indonesia: learn how Brain Cipher crippled essential services and the techniques used by hackers

Patelco Credit Union: security incident halts customer services in CaliforniaService disruption and customer frustration: Patelco Credit Union works to resolve security incident

Cyber attack on TeamViewer: immediate response and investigations underwayStrengthened security measures and international collaborations to counter the cyber threat