Rewterz Threat Advisory – CVE-2023-27997 – Fortinet FortiGate and FortiOS Vulnerability

June 12, 2023

Severity

High

Analysis Summary

CVE-2023-27997

Fortinet FortiGate could allow a remote attacker to execute arbitrary code on the system, caused by an unspecified flaw in the SSL VPN function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

Code Execution

Indicators Of Compromise

CVE

CVE-2023-20188

Affected Vendors

Fortinet

Affected Products

Fortinet FortiGate
Fortinet FortiOS 6.0.16
Fortinet FortiOS 6.2.14
Fortinet FortiOS 6.4.12
Fortinet FortiOS 7.0.11
Fortinet FortiOS 7.2.4

Remediation

Upgrade to the latest version of FortiOS, available from the Fortinet Web site.

Fortinet Web site

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us