Fortinet Releases Urgent Patches for Critical Pre-Authentication RCE Vulnerability in FortiGate SSL-VPN Devices

12 June 2023 [NO.TCSA : 20230612-1-1-P]

Published: 12 June 2023

Fortinet, a leading provider of network security appliances, recently issued firmware updates for its FortiGate devices to address a critical pre-authentication remote code execution (RCE) vulnerability in SSL VPN devices. The vulnerability, assigned the identifier CVE-2023-27997, could, if exploited, allow a hostile agent to interfere with the VPN, even when multi-factor authentication (MFA) is activated.

Affected Versions

The vulnerability affects all versions of FortiGate SSL-VPN devices, and it is believed that all previous versions are likely exposed to this vulnerability.

Mitigation

Fortinet has released security patches for the affected versions. It is highly recommended that administrators apply these updates as soon as possible. The patches can be found in the latest FortiOS firmware updates.
