CVE-2023-27997

Vulnerability updated a month ago (2024-11-29T14:34:07.770Z)
CVE-2023-27997 is a critical vulnerability (CVSS score of 9.2) in FortiOS and FortiProxy that could lead to remote code execution (RCE). The flaw, which lies in the software's design or implementation, was reportedly exploited by Volt Typhoon, a state-sponsored actor based in China, as part of their LODEINFO Campaign #2 in 2023. The exploit was also found in use against other enterprise products such as Array AG (CVE-2023-28461) and Proself (CVE-2023-45727), highlighting a trend of these vulnerabilities being abused in the wild. Earlier in the month, Fortinet acknowledged that CVE-2023-27997 may have been abused in limited attacks targeting the government, manufacturing, and critical infrastructure sectors.

A subsequent scan of internet-exposed Fortinet FortiOS and FortiProxy SSL-VPN interfaces by Bishop Fox security researchers revealed that 69% of the 490,000 interfaces scanned were vulnerable to this RCE vulnerability. Over 300,000 Fortinet firewalls were found to be at risk, adding to the concerns for Fortinet users. Although Fortinet released security updates to patch the issue, more than 300,000 FortiGate firewalls remained unpatched against this critical remote code execution flaw almost a month after the update. The 489,337 devices discovered by the query showed varying degrees of vulnerability to CVE-2023-27997, also known as Xortigate.

Check Point IPS provides protection against this threat. However, the continued active exploitation of this vulnerability requires urgent attention and remediation from all Fortinet users.
Description last updated: 2024-11-21T10:28:40.621Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Fortinet
Exploit
Fortios
Fortigate
Fortiproxy
exploited
Vpn
Associated Threat Actors
Description: The Volt Typhoon Threat Actor is associated with CVE-2023-27997. Volt Typhoon, a state-sponsored threat actor based in China, has been identified as a significant cybersecurity risk to critical infrastructure sectors in the United States. According to Microsoft and the Five Eyes cybersecurity and intelligence agencies, Volt Typhoon has compromised IT environments
Association Type: Unspecified
Votes: 4
Source Document References
Information about the CVE-2023-27997 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source: Created
Recorded Future: 15 days ago
Trend Micro: a month ago
CISA: a month ago
CISA: 4 months ago
CISA: 5 months ago
Recorded Future: 9 months ago
DARKReading: 9 months ago
SANS ISC: 9 months ago
CISA: 9 months ago
DARKReading: 9 months ago
Recorded Future: a year ago
CERT-EU: a year ago
CERT-EU: a year ago
Checkpoint: a year ago
CERT-EU: a year ago
CERT-EU: a year ago
CERT-EU: a year ago
CERT-EU: a year ago
CERT-EU: a year ago
CERT-EU: a year ago