Security News > 2023 > July > You've patched right? '340K+ Fortinet firewalls' wide open to critical security bug
More than 338,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical bug Fortinet fixed last month that's being exploited in the wild.
Fortinet disclosed the flaw last month and noted that the issue, which it tracks as FG-IR-23-097, "May have been exploited in a limited number of cases and we are working closely with customers to monitor the situation."
On Friday, Bishop Fox said its searches revealed nearly 490,000 Fortinet SSL-VPN interfaces exposed on the internet, and about 69 percent of these remain unpatched.
The team shared a screen capture of their exploit for CVE-2023-27997 in action, which Gross said "Smashes the heap, connects back to an attacker-controlled server, downloads a BusyBox binary, and opens an interactive shell."
Patches were issued on June 8, and Lexfo detailed the flaw and the exploit process on June 13.
For its exploit the Bishop Fox team said they added a few extra steps and achieved a "Significantly faster" exploit compared to Lexfo's exploit of an Intel x64 device.
News URL
Related news
- The ongoing evolution of the CIS Critical Security Controls (source)
- Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Fortinet warns of auth bypass zero-day exploited to hijack firewalls (source)
- Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them? (source)
- Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- 48,000+ internet-facing Fortinet firewalls still open to attack (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-13 | CVE-2023-27997 | Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. | 9.8 |