Fortinet squashes hijack-my-VPN bug in FortiOS gear (Security News, June 2023)
Fortinet has patched a critical, pre-authentication heap-based buffer overflow in the SSL-VPN component of FortiOS and FortiProxy that can be exploited to run arbitrary code on, and so hijack, the appliance.
Fortinet has warned that the bug may already have been exploited in the wild.
"This is reachable pre-authentication, on every SSL VPN appliance," Charles Fol, the researcher who reported the flaw, tweeted, adding that Fortinet has released multiple updates for FortiOS and FortiProxy to close the SSL-VPN hole.
Fortinet has published a write-up of CVE-2023-27997 on its website; anyone running affected FortiOS or FortiProxy gear should read it and upgrade.
Fortinet disclosed a similar SSL-VPN flaw in December 2022 and at the time said it was aware of "an instance" where that bug had been exploited.
Details have also emerged of suspected Chinese spies exploiting another critical Fortinet bug and using custom networking malware to steal credentials and maintain access to victim networks.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/12/fortinet_fixes_critical_rce_bug/
Related news
- Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost
- Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials
- China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer
- Fortinet VPN design flaw hides successful brute-force attacks
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK (CVSS base score)
---|---|---|---
2023-06-13 | CVE-2023-27997 | Out-of-bounds write vulnerability in Fortinet FortiOS and FortiProxy. A heap-based buffer overflow [CWE-122] in the SSL-VPN component of FortiOS 7.2.4 and below, 7.0.11 and below, 6.4.12 and below and 6.0.16 and below, and of FortiProxy 7.2.3 and below, 7.0.9 and below, 2.0.12 and below and all 1.2 and 1.1 releases, may allow a remote, unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. | 9.8
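The check a practitioner wants from the table above is "is the firmware on this box in an affected range?". The following is an added example, not code from the page, from Fortinet or from The Register: it takes the version line of a FortiOS `get system status` dump (the sample below is constructed, modelled on that output, not captured from a real device), parses the `vX.Y.Z` version, and compares it per release branch against the ranges the table lists. It assumes, as Fortinet advisories are read, that "7.2.4 and below" means 7.2.0 through 7.2.4 and says nothing about other branches; a branch the table does not mention (for example FortiOS 7.4.x) is reported as "unlisted" rather than as safe, so it can be checked against the vendor advisory. The function names and the product-detection heuristic on the version line are this example's own.

```python
import re

# Affected ranges exactly as listed in the table on this page for CVE-2023-27997:
# (major, minor) branch -> highest affected patch release in that branch.
# None means every release of that branch is listed as affected.
AFFECTED = {
    "FortiOS": {(7, 2): 4, (7, 0): 11, (6, 4): 12, (6, 0): 16},
    "FortiProxy": {(7, 2): 3, (7, 0): 9, (2, 0): 12, (1, 2): None, (1, 1): None},
}

# Matches 'v7.2.4' as it appears in 'v7.2.4,build1396'; a bare '7.2.4' is accepted too.
_VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")
_BARE_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return (major, minor, patch) found in text, or None if no version is present."""
    m = _VERSION_RE.search(text) or _BARE_RE.search(text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def assess(product, version):
    """Classify a version against the page's table for the given product.

    Returns 'affected', 'fixed' (same branch, patch above the listed cap) or
    'unlisted' (a branch the table does not mention; check the vendor advisory).
    """
    major, minor, patch = version
    table = AFFECTED[product]
    branch = (major, minor)
    if branch not in table:
        return "unlisted"
    cap = table[branch]
    if cap is None or patch <= cap:
        return "affected"
    return "fixed"


def assess_status_output(output):
    """Apply assess() to the 'Version:' line of a `get system status` dump.

    Returns (verdict, product, version). Product is taken from the model name on
    that line: anything naming FortiProxy is FortiProxy, otherwise FortiOS
    (assumption of this example; FortiGate models run FortiOS).
    """
    for line in output.splitlines():
        if line.startswith("Version:"):
            product = "FortiProxy" if "FortiProxy" in line else "FortiOS"
            version = parse_version(line)
            if version is None:
                return ("unknown", product, None)
            return (assess(product, version), product, version)
    return ("unknown", None, None)


# Constructed sample modelled on FortiOS `get system status` output; not from a real device.
SAMPLE_STATUS = """\
Version: FortiGate-100F v7.2.4,build1396,230131 (GA)
Security Level: 1
Firmware Signature: certified
System time: Mon Jun 12 09:00:00 2023
"""


if __name__ == "__main__":
    verdict, product, version = assess_status_output(SAMPLE_STATUS)
    print(f"{product} {'.'.join(map(str, version))}: {verdict}")
```

Run against the constructed sample it reports the 7.2.4 box as affected; feed it the real `Version:` line from your own appliance to get a verdict, and treat "unlisted" as "go and read Fortinet's advisory", not as a clean bill of health.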