Security researchers warn that hundreds of thousands of Fortinet firewalls are vulnerable to cyber attacks. The firewalls have not yet been patched after a critical vulnerability was discovered in June.
According to Bishop Fox, 490,000 affected devices are open to the Internet, some 69% of which have not yet been patched. Fortinet has already released a patch to address the CVE-2023-27997 vulnerability, however.
Heap overflow
The vulnerability is in the operating system, FortiOS. The vulnerability is ranked as very critical and causes a “heap overflow”. This allows hackers to perform a remote code execution attack and run arbitrary code on affected systems. This enables contact with a C&C server, after which a downloaded binary opens an interactive shell on the affected device.
The CVE-2023-27997 vulnerability primarily targets the secure sockets layer virtual private network interfaces in the affected devices. This is not the first time the SSL-VPN layer in FortiOS has suffered from a vulnerability. Late last year, this feature was also hit by a vulnerability.
The experts at Bishop Fox are calling for the published patch to be implemented as soon as possible.