Fortinet Releases Urgent Patches for Critical Pre-Authentication RCE Vulnerability in FortiGate SSL-VPN Devices

12 June 2023 [NO.TCSA : 20230612-1-1-P]

PUBLISHED:
12 June 2023

Fortinet, a leading provider of network security appliances, recently issued firmware updates for its FortiGate devices to address a critical pre-authentication remote code execution (RCE) vulnerability in SSL VPN devices. If exploited, the vulnerability, assigned the identifier CVE-2023-27997, could allow a hostile agent to interfere with the VPN, even when multi-factor authentication (MFA) is activated.

Affected Versions

The vulnerability affects all versions of FortiGate SSL-VPN devices, and it is believed that all previous versions are likely exposed to it.

Mitigation

Fortinet has released security patches for the affected versions. It is highly recommended that administrators apply these updates as soon as possible. The patches can be found in the latest FortiOS firmware updates.

More Information

15 January 2025 [NO.TCSA : 20250115-1-1-E]

Auth Bypass Vulnerability Exploited in Wild to Hijack Fortinet Firewalls

16 April 2024 [NO.TCSA : 20240416-1-1-P]

Critical Command Injection Vulnerability Found in Palo Alto Networks GlobalProtect

9 February 2024 [NO.TCSA : 20240209-1-1-P]

Critical Remote Code Execution Vulnerability Found in FortiOS SSL VPN
