Fortinet: SSL VPN vulnerability allows code smuggling

Just before the June patch day, Fortinet released updates to the FortiOS operating system. In it, the developers close a security hole in the SSL VPN that attackers can use to inject and execute malicious code from the network.

As Charles Fol, one of the discoverers of the vulnerability, writes on Twitter, the flaw can be exploited on any SSL VPN appliance by attackers without prior authentication. The CVE number CVE-2023-27997 has already been reserved for it, but according to Fol, details will follow later. A CVSS score for assessing the risk is also still missing.

The Fortinet website does not yet contain any information about the vulnerability. According to a preliminary security notification on the Olympe Cyberdefense page, the advisory is to be released on June 13th. That would coincide with the regular Fortinet patch day in June. According to the description in the preliminary security advisory, the vulnerability also lets attackers bypass multi-factor authentication (MFA) if it is enabled.

The fixed versions of FortiOS are 6.2.15, 6.4.13, 7.0.12 and 7.2.5 or newer. According to information circulating online, there is also an update to version 6.0.17. Since FortiOS 6.0 has actually reached end of life, an update for that old branch is surprising. IT managers should apply the available updates quickly to minimize the attack surface.
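To turn the version list above into a quick inventory check, here is an added example (not code from the article or from Fortinet) that classifies a FortiOS version string as patched, vulnerable, or on a branch the article does not cover. The fixed-version table is taken from the article, including 6.0.17; the sample hostnames and versions are constructed, and the `v7.2.4,build1396` style of version string is an assumption about the format reported by the appliance.

```python
"""Classify FortiOS versions against the fixed releases for CVE-2023-27997.

Added example: the fixed versions are those named in the article; branches
not listed there (e.g. 7.4) are reported as unknown rather than guessed.
"""

# Fixed release per branch, as listed in the article (6.0.17 per the
# unofficial reports the article mentions). Anything newer on the same
# branch is also considered patched.
FIXED_VERSIONS = {
    (6, 0): (6, 0, 17),
    (6, 2): (6, 2, 15),
    (6, 4): (6, 4, 13),
    (7, 0): (7, 0, 12),
    (7, 2): (7, 2, 5),
}


def parse_version(text):
    """Parse 'v7.2.4', '7.0.12,build0523' or '6.4.13-foo' into (major, minor, patch).

    The ',build...' suffix format is an assumption about appliance output.
    """
    core = text.strip().lstrip("vV").split(",")[0].split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(text):
    """True if at/above the fixed release, False if below it, None if the branch is not in the table."""
    major, minor, patch = parse_version(text)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch) >= fixed


def triage(inventory):
    """Group a {hostname: version} mapping into patched / vulnerable / unknown lists."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        state = is_patched(version)
        key = "unknown" if state is None else ("patched" if state else "vulnerable")
        result[key].append(host)
    return result


# Constructed sample inventory; hostnames and versions are not real devices.
SAMPLE_INVENTORY = {
    "fw-branch-01": "v7.2.4",
    "fw-branch-02": "v7.2.5",
    "fw-legacy-01": "v6.0.16",
    "fw-hq-01": "v7.0.12,build0523",
    "fw-lab-01": "v7.4.0",
}

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

The "unknown" bucket is deliberate: a branch missing from the advisory list should be checked against the vendor advisory once it is published rather than silently treated as safe.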

Fortinet recently distributed security updates for the May patch day. Two of them have closed vulnerabilities classified as high risk.


(dmk)
