Background / What has happened?
A remote code execution vulnerability (CVE-2023-27997) has been identified in multiple versions of Fortinet Fortigate devices when SSL-VPN is enabled.
Fortigate is a widely used type of Next-Generation Firewall device.
A specially crafted URL parameter in a request to the FortiOS SSL-VPN can trigger a heap-based buffer overflow that allows execution of arbitrary code. The vulnerable code handles requests in the SSL-VPN pre-authentication phase, so an attacker does not need valid credentials to reach it.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is not aware of successful exploitation attempts against Australian organisations.
Affected Australian organisations should apply the available patches immediately, and investigate for signs of compromise.
Mitigation / How do I stay secure?
Australian organisations that use Fortigate devices should review the FortiOS version running on each device and update to a fixed release as listed below.
Affected Products
At least the following FortiOS versions:
- 7.2.0 through 7.2.4
- 7.0.0 through 7.0.11
- 6.4.0 through 6.4.12
- 6.2.0 through 6.2.13
- 6.0.0 through 6.0.16
Solutions
- Please upgrade to FortiOS version 7.4.0 or above
- Please upgrade to FortiOS version 7.2.5 or above
- Please upgrade to FortiOS version 7.0.12 or above
- Please upgrade to FortiOS version 6.4.13 or above
- Please upgrade to FortiOS version 6.2.14 or above
- Please upgrade to FortiOS version 6.0.17 or above
Workaround
Disable SSL-VPN on devices running an affected FortiOS version until they can be upgraded. Because the vulnerability is reached through the SSL-VPN pre-authentication path, a device with SSL-VPN disabled is not exposed to it.
For further information, please view the Fortinet blog post regarding this vulnerability.
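The following Python script is an added illustration, not part of the ASD advisory or any Fortinet tooling. It encodes the affected and fixed version ranges listed above and classifies the "Version:" line that the FortiOS CLI command `get system status` prints, reporting whether a device is affected, which release to upgrade to, and whether it is actually exposed given the SSL-VPN state. The sample status lines, model names and build numbers are constructed; whether SSL-VPN is enabled is supplied by the caller, since it cannot be read from that line. Versions 7.4.0 and above are treated as fixed and branches the advisory does not list are reported as "unlisted" rather than guessed.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Affected and fixed FortiOS ranges as listed in the advisory above:
# (branch, first affected, last affected, first fixed release).
AFFECTED_RANGES = [
    ((7, 2), (7, 2, 0), (7, 2, 4), (7, 2, 5)),
    ((7, 0), (7, 0, 0), (7, 0, 11), (7, 0, 12)),
    ((6, 4), (6, 4, 0), (6, 4, 12), (6, 4, 13)),
    ((6, 2), (6, 2, 0), (6, 2, 13), (6, 2, 14)),
    ((6, 0), (6, 0, 0), (6, 0, 16), (6, 0, 17)),
]

# Matches the "vX.Y.Z" token in the first line of `get system status`,
# e.g. "Version: FortiGate-100F v7.0.10,build0450,230327 (GA.M)".
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")


def parse_version(status_line: str) -> Version:
    """Extract (major, minor, patch) from a 'Version:' status line."""
    m = VERSION_RE.search(status_line)
    if m is None:
        raise ValueError(f"no FortiOS version in: {status_line!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version: Version, sslvpn_enabled: bool) -> Dict[str, object]:
    """Classify a FortiOS version against the advisory's ranges.

    status is one of:
      "affected" - inside a listed vulnerable range
      "fixed"    - at or above the fixed release for its branch, or 7.4.0+
      "unlisted" - a branch the advisory does not cover; confirm with Fortinet
    exposed is True only when the build is affected AND SSL-VPN is enabled,
    because the bug is reached through the SSL-VPN pre-authentication path.
    """
    major, minor, _ = version
    result: Dict[str, object] = {
        "version": ".".join(map(str, version)),
        "status": "unlisted",
        "upgrade_to": None,
        "exposed": False,
    }
    if (major, minor) >= (7, 4):  # advisory: 7.4.0 or above is fixed
        result["status"] = "fixed"
        return result
    for branch, first, last, fixed in AFFECTED_RANGES:
        if (major, minor) != branch:
            continue
        if first <= version <= last:
            result["status"] = "affected"
            result["upgrade_to"] = ".".join(map(str, fixed))
            result["exposed"] = sslvpn_enabled
        else:
            result["status"] = "fixed"
        return result
    return result


def triage(status_lines: List[str], sslvpn_enabled: bool) -> List[Dict[str, object]]:
    """Assess one 'Version:' line per device, all sharing the same SSL-VPN state."""
    return [assess(parse_version(line), sslvpn_enabled) for line in status_lines]


# Constructed sample output; model names and build numbers are made up.
SAMPLE_STATUS_LINES = [
    "Version: FortiGate-100F v7.0.10,build0450,230327 (GA.M)",
    "Version: FortiGate-60F v7.2.5,build1517,230523 (GA.F)",
    "Version: FortiGate-200E v6.4.12,build2360,230318 (GA)",
    "Version: FortiGate-40F v7.4.0,build2360,230509 (GA)",
]

if __name__ == "__main__":
    for r in triage(SAMPLE_STATUS_LINES, sslvpn_enabled=True):
        line = f"{r['version']:>8}  {r['status']:<9}  exposed={r['exposed']}"
        if r["upgrade_to"]:
            line += f"  upgrade to {r['upgrade_to']}"
        print(line)
```

Feed the script the first line of `get system status` from each device in your inventory and pass the SSL-VPN state as configured on that device; an "affected" result with exposed=True is the case that needs the patch or the workaround applied first, and any "unlisted" result should be checked against Fortinet's own advisory rather than assumed safe.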
Assistance / Where can I go for help?
The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).