Fortinet has fixed a critical pre-authentication remote code execution vulnerability in SSL VPN devices with the release of new Fortigate firmware upgrades.
Versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5 of the FortiOS firmware now include the security updates provided on Friday.
“A new critical flaw, not made public at this stage, concerns Fortinet on its Fortigate firewalls, more specifically the SSL VPN functionalities,” said French cybersecurity firm Olympe Cyberdefense.
“The flaw would allow a hostile agent to interfere via the VPN, even if the MFA is activated. To date, all versions would be affected, we are waiting for the release of the CVE on June 13, 2023, to confirm this information”.
Security experts and administrators have suggested that the upgrades secretly patched a serious SSL-VPN RCE vulnerability that would be made public on Tuesday, June 13th, 2023.
Charles Fol, a vulnerability researcher with Lexfo Security, revealed more information today. He informed BleepingComputer that the critical RCE vulnerability that he and Rioru found had been fixed in the most recent FortiOS updates.
“Fortinet published a patch for CVE-2023-27997, the Remote Code Execution vulnerability @DDXhunter and I reported,” says Fol’s tweet.
“This is reachable pre-authentication, on every SSL VPN appliance. Patch your Fortigate. Details at a later time. #xortigate.”
This fix has to be prioritized by Fortinet administrators, according to Fol, who also said that threat actors are likely to analyze and find it right away.
Since Fortinet products are among the most widely used firewall and VPN devices on the market, they are frequently the target of attacks.
Since this problem affects all prior versions, most of the approximately 250,000 Fortigate firewalls accessible from the Internet are probably vulnerable, according to a Shodan search.
Thus, administrators are required to install Fortinet security updates as soon as they are made available.
“At this time we are not linking FG-IR-23-097 to the Volt Typhoon campaign, however Fortinet expects all threat actors, including those behind the Volt Typhoon campaign, to continue to exploit unpatched vulnerabilities in widely used software and devices,” the company said.
By exploiting a zero-day vulnerability in Fortinet FortiGuard devices that are accessible via the Internet, Volt Typhoon has gained access to the networks of numerous enterprises in vital industries.
By ensuring their malicious activity is indistinguishable from legal network traffic, the threat actors are able to avoid detection through the use of compromised routers, firewalls, and VPN appliances from a variety of manufacturers.
“Timely and ongoing communications with our customers is a key component in our efforts to best protect and secure their organization. There are instances where confidential advance customer communications can include an early warning on Advisories to enable customers to further strengthen their security posture, prior to the Advisory being publicly released to a broader audience. This process follows best practices for responsible disclosure to ensure our customers have the timely information they need to help them make informed risk-based decisions. For more on Fortinet’s responsible disclosure process, visit the Fortinet Product Security Incident Response Team (PSIRT) page”.
Looking For an All-in-One Multi-OS Patch Management Platform – Try Patch Manager Plus
The post Critical Fortinet Flaw Let Attackers Execute Remote Code on SSL-VPN Devices appeared first on Cyber Security News.
Cyber Security News