Security
Headlines
HeadlinesLatestCVEs

Headline

Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk

By Deeba Ahmed The vulnerability has a CVSS score of 9.8 out of 10, is a critical security bug that affects Fortinet appliances and has been actively exploited in the wild. This is a post from HackRead.com Read the original post: Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk

HackRead
#vulnerability#ios#rce#auth#zero_day#ssl

With a staggering count of 490,000 SSL VPN interfaces vulnerable and readily accessible on the internet, the urgency becomes apparent.

There has never been a dearth of security flaws in Fortinet products, which is why cybercriminals consider them lucrative attack vectors.

The latest discovery adds to the woes of Fortinet users because Bishop Fox security researchers report that out of the total 490,000 public internet-exposed Fortinet FortiOS and FortiProxy SSL-VPNs interfaces scanned by Shodan, 69% are vulnerable to a dangerous RCE (remote code execution) vulnerability (CVE-2023-27997).

This means that around 330,000 Fortinet FortiGate firewalls are unpatched and vulnerable to this flaw.

The Discovery of the Flaw

Bishop Fox researchers found out that only 153,414 of the appliances have been patched with the FortinetOS version. That’s not all. Researchers also discovered that most publicly accessible Fortinet appliances hadn’t been patched in the last eight years and are running FortiOS versions 5 and 6.

If only 153,414 devices on the internet are patched, that leaves 335,923 – 489,337 – 69 unpatched. This is certainly concerning, researchers wrote in their report published on June 30, 2023.

BishopFox Exploit: Remote code execution via CVE-2023-27997

The Capability Development team at Bishop Fox made the discovery after creating an exploit for CVE-2023-27997 and continuing to test Cosmos customers. The exploit easily smashed the heap, connected to the attacker’s C2 server, downloaded a BusyBox binary, and opened an interactive shell.

What is CVE-2023-27997

For your information, CVE-2023-27997, which has a CVSS score of 9.8 out of 10, is a critical security bug that affects Fortinet appliances and has been actively exploited in the wild. This flaw was discovered by researchers Charles Fol and Dan Bach from security firm Lexfo, who tweeted about it on June 11th.

The issue allows attackers to execute arbitrary code or commands through custom-designed requests. Essentially, it is a heap overflow flaw that primarily targets the Secure Sockets Layer Virtual Private Networks of Fortinet products.

Fortinet’s Response

Fortinet addressed this critical flaw on June 12th by releasing patches for the FortiOS firmware versions 7.0.12, 7.2.5, 6.4.13, and 6.2.15. The company also admitted that this vulnerability may have been exploited in the wild in a limited number of cases in targeted attacks against critical infrastructure, government, and manufacturing sectors.

“You should patch yours now,” wrote report author and Capability Development team’s director, Caleb Gross.

RELATED ARTICLES

  1. Hackers leak login credentials of vulnerable Fortinet SSL VPNs
  2. Chinese Hackers Exploiting 0-day Vulnerability in Fortinet Products
  3. Hackers dump login credentials of Fortinet VPN users in plain-text
  4. Hackers exploiting critical vulnerabilities in Fortinet VPN – FBI-CISA

Related news

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services,

Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware

Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three years. Israeli cybersecurity company Cybereason is tracking the campaign under the name Cuckoo Spear,

Fortinet FortiOS Out-Of-Bounds Write

Fortinet FortiOS suffers from an out of bounds write vulnerability. Affected includes Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, and 1.0.0 through 1.0.7.

Fortinet Warns of Critical FortiOS SSL VPN Vulnerability Under Active Exploitation

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands. "A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially

Alert: 330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw

No less than 330000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that have come under active exploitation in the wild. Cybersecurity firm Bishop Fox, in a report published last week, said that out of nearly 490,000 Fortinet SSL-VPN interfaces exposed on the internet, about 69 percent remain unpatched. CVE-2023-27997

Researchers Develop Exploit Code for Critical Fortinet VPN Bug

Some 340,000 FortiGate SSL VPN appliances remain exposed to the threat more than three weeks after Fortinet released firmware updates to address the issue.

New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks

Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code. Tracked as CVE-2023-33299, the flaw is rated 9.6 out of 10 for severity on the CVSS scoring system. It has been described as a case of Java untrusted object deserialization. "A deserialization of untrusted data

CISA Order Highlights Persistent Risk at Network Edge

The U.S. government agency in charge of improving the nation's cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Fortinet: Patched Critical Flaw May Have Been Exploited

Users urged to apply updates to FortiOS SSL-VPN after attackers may have leveraged a recently discovered vulnerability in attacks against government, manufacturing, and critical infrastructure organizations.

CVE-2023-27997: Fortiguard

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

Critical FortiOS and FortiProxy Vulnerability Likely Exploited - Patch Now!

Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), concerns a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN that could

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now!

Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution. The vulnerability, tracked as CVE-2023-27997, is "reachable pre-authentication, on every SSL VPN appliance," Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend. Details