Highlights:

  • CVE-2023-27997, a critical vulnerability known as a “heap overflow,” has been discovered in FortiOS, the operating system utilized by FortiGate firewalls.
  • The researchers strongly recommend that all users of Fortinet FortiGate firewalls promptly install the provided patch.

At Bishop Fox LLC, security researchers recently issued a cautionary statement about the persisting vulnerability of hundreds of thousands of Fortinet Inc. firewalls. Despite disclosing a critical vulnerability in June, these devices were not patched, exposing them to potential attacks.

CVE-2023-27997, a critical vulnerability known as a “heap overflow,” has been discovered in FortiOS, the operating system utilized by FortiGate firewalls. This vulnerability, rated with a severity level of 9.8 Critical, enables remote code execution and the potential for running arbitrary code on a vulnerable system.

The vulnerability impacts the system’s secure sockets layer virtual private network interfaces. Bishop Fox researchers say approximately 490,000 of these interfaces are exposed online. Despite the availability of a patch from Fortinet, an alarming 69% of these interfaces remain unpatched, exposing them to potential exploits.

To demonstrate the severity of the vulnerability, Bishop Fox’s Capability Development team crafted an exploit. This exploit involves the remote execution of code that compromises the target system, enabling it to establish a connection with a server controlled by an attacker. Upon establishing a connection, the exploit downloads a binary and opens an interactive shell on the targeted device.

The researchers strongly recommend that all users of Fortinet FortiGate firewalls promptly install the provided patch.

According to Timothy Morris, the Chief Security Advisor at Tanium Inc., an endpoint management company, “The seriousness of this cannot be understated. Sysadmins should patch as quickly as possible.”

Given the gravity of the vulnerability, Morris emphasized the importance of patching firmware, even though it can be more challenging and carry higher risks, especially when dealing with appliances that operate as application gateways.

Andre van der Walt, the Director of Threat Intelligence at Ontinue Inc., a managed detection and response firm, emphasized that detecting significant FortiGate vulnerabilities is not an isolated occurrence but a recurring pattern.

Andre van der Walt said, “While the findings from Bishop Fox are shocking, they are not surprising as it mirrors the overall trend in patching lagging significantly behind addressing new exposure in the attack surface, regardless of the technology in question. This serves as a timely reminder that organizations need to put in place robust vulnerability management measures that identify, prioritize, and addresses urgent vulnerabilities like these. Ultimately, security systems also need to be actively maintained to a high level.”