
Fortinet Security Updates – June 2023

Fortinet has released critical security updates to address a heap-based buffer overflow vulnerability (CVE-2023-27997) in FortiOS and FortiProxy. An attacker could exploit this vulnerability to take control of an affected system.
 
Affected Systems
 
Affected systems include, but are not limited to:
 
  • FortiOS versions: 7.2.4 and below, 7.0.11 and below, 6.4.12 and below, 6.2.13 and below, 6.0.16 and below.
  • FortiProxy versions: 7.2.3 and below, 7.0.9 and below, 2.0.12 and below, 1.2 (all versions), 1.1 (all versions).
 
Security Risks
 
The identified zero-day vulnerability (CVE-2023-27997) discovered in FortiOS and FortiProxy with SSL-VPN enabled poses a significant security risk, as it allows attackers to exploit a heap-based buffer overflow. This may enable remote attackers to execute arbitrary code or commands via specially crafted requests, potentially compromising the affected system.
 
Recommended Actions
 
The National Cyber Security Authority (NCSA) strongly recommends that system administrators:
 
  • Follow Fortinet Security Advisories to lower the risk of potential exploits, protect systems, and ensure their security.
  • Apply the required and latest security updates as soon as possible.
 
     The released software versions to upgrade to are:
 
  • FortiOS versions: 7.4.0 or above, 7.2.5 or above, 7.0.12 or above, 6.4.13 or above, 6.2.14 or above, or 6.0.17 or above.
  • FortiProxy versions: 7.2.4 or above, or 7.0.10 or above.
  • Before any update task, please ensure you have a recent backup that can easily be restored.
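
To check a device inventory against the version lists above, the following Python script is an added example; it is not part of the NCSA advisory or any Fortinet tooling. It assumes version strings of the form major.minor.patch, and the hostnames and inventory layout are constructed for illustration.

```python
import re

# Highest affected patch level per branch, transcribed from the advisory.
# None means every release of the branch is affected ("all versions").
AFFECTED = {
    "FortiOS": {(7, 2): 4, (7, 0): 11, (6, 4): 12, (6, 2): 13, (6, 0): 16},
    "FortiProxy": {(7, 2): 3, (7, 0): 9, (2, 0): 12, (1, 2): None, (1, 1): None},
}
# Lowest fixed patch level per branch, from the advisory's upgrade list.
FIXED = {
    "FortiOS": {(7, 4): 0, (7, 2): 5, (7, 0): 12, (6, 4): 13, (6, 2): 14, (6, 0): 17},
    "FortiProxy": {(7, 2): 4, (7, 0): 10},
}

def triage(product, version):
    """Classify one device as AFFECTED, FIXED or REVIEW, with a short note."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if product not in AFFECTED or not m:
        return "REVIEW", "unrecognised product or version string"
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    limit = AFFECTED[product].get(branch, -1)   # -1: branch not in affected list
    fixed = FIXED[product].get(branch)          # None: no fix listed for branch
    if limit is None or patch <= limit:
        if fixed is None:
            return "AFFECTED", "no fixed release listed for this branch"
        return "AFFECTED", f"upgrade to {major}.{minor}.{fixed} or above"
    if fixed is not None and patch >= fixed:
        return "FIXED", f"at or above {major}.{minor}.{fixed}"
    # The advisory's list is "not limited to" these branches, so never
    # report an unlisted branch or build as safe.
    return "REVIEW", "branch or build not covered by the advisory lists"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.2.4"),
    ("fw-edge-02", "FortiOS", "7.0.12"),
    ("proxy-01", "FortiProxy", "2.0.10"),
    ("fw-lab-01", "FortiOS", "5.6.3"),
]

def report(inventory):
    """Return (host, status, note) for every inventory row."""
    return [(host, *triage(product, ver)) for host, product, ver in inventory]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print(*row, sep="\t")
```

Devices reported as REVIEW need a manual check against Fortinet's own advisory, because the lists above are explicitly not exhaustive.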
 
For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.
 

15 June 2023

© 2025 National Cyber Security Authority