Fortinet releases patches to fix a serious vulnerability in FortiGate firewalls
Critical vulnerability CVE-2023-27997 discovered by a Lexfo researcher could allow remote code execution if exploited by a threat actor
Fortinet has released a series of patches to fix a critical security vulnerability in its FortiGate firewalls. The aforementioned vulnerability could be exploited by a threat actor to remotely execute code. Lexfo security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend that the vulnerability, tracked as CVE-2023-27997, is "reachable pre-authentication, on any VPN appliance SSL".
Vulnerability details not yet released
At this time, no details about the security vulnerability have been released and Fortinet has yet to release an advisory, although the network security firm is expected to release more details in the coming days. However, French cybersecurity firm Olympe Cyberdefense said in an independent advisory that the issue has been resolved in versions 6.2.15, 6.4.13, 7.0.12 and 7.2.5.
Potential threat and need for quick fixes
The French company also highlighted that "the flaw would allow a hostile agent to interfere via the VPN, even if multi-factor authentication is activated". Considering that Fortinet flaws have proven to be a lucrative attack vector for threat actors in recent years, users are strongly advised to apply fixes as soon as possible to mitigate potential risks. This advisory comes as Cisco and VMware have also released updates to address critical vulnerabilities that could lead to privilege escalation and code execution.
Fortinet statement and responsible disclosure practices
Following the publication of the news, Fortinet shared the following statement: “Timely and ongoing communication with our customers is a key element in our efforts to better protect and secure their organization. There are instances where advanced confidential communications with customers can include an early warning on advisories to allow customers to further strengthen their security posture, before the advisory is publicly released to a wider audience.This process follows best practices for responsible disclosure to ensure that Our customers have the timely information they need to help them make informed risk-based decisions."
Follow us on Google News for more pills like this06/12/2023 08:14
Editorial AI