CVE-2023-27997

Vulnerability updated 4 months ago (2024-05-04T19:14:14.796Z)
CVE-2023-27997 is a critical heap-based buffer overflow vulnerability impacting Fortinet's FortiOS and FortiProxy SSL-VPN products. The flaw, with a high CVSS score of 9.2, could lead to remote code execution (RCE), allowing an attacker to execute arbitrary code or commands via specially crafted requests. This vulnerability was acknowledged by Fortinet earlier this month and has reportedly been exploited in limited attacks targeting government, manufacturing, and critical infrastructure sectors.

According to Bishop Fox security researchers, 69% of the total 490,000 public internet-exposed Fortinet FortiOS and FortiProxy SSL-VPN interfaces scanned by Shodan were found vulnerable to this RCE vulnerability. More than 300,000 FortiGate firewalls remain unpatched against this critical flaw, almost a month after Fortinet released security updates to address the issue. In response to the threat posed by CVE-2023-27997, Check Point IPS has provided protection against this vulnerability. Fortinet has also confirmed the active exploitation of this vulnerability and has subsequently patched it. Despite these measures, a significant number of devices remain unpatched, leaving them vulnerable to potential attacks. It is crucial for all users of affected Fortinet products to apply the necessary patches and ensure their systems are secure against this serious threat.
Description last updated: 2024-03-15T01:15:57.326Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Fortinet
Fortios
Fortigate
Fortiproxy
exploited
Vpn
Exploit
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Volt Typhoon | Unspecified | 3 | Volt Typhoon, a notorious threat actor group associated with China, has been active since at least mid-2021, carrying out cyber operations against critical infrastructure. Earlier this year, the Cybersecurity and Infrastructure Security Agency (CISA) identified Volt Typhoon as routinely targeting ne |
Source Document References
Information about the CVE-2023-27997 vulnerability was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| CISA | 18 days ago | #StopRansomware: RansomHub Ransomware \| CISA |
| CISA | a month ago | North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs \| CISA |
| Recorded Future | 5 months ago | 2023 Threat Analysis and 2024 Predictions \| Recorded Future |
| DARKReading | 6 months ago | Patch Now: Critical Fortinet RCE Bug Under Active Attack |
| SANS ISC | 6 months ago | Scans for Fortinet FortiOS and the CVE-2024-21762 vulnerability - SANS Internet Storm Center |
| CISA | 6 months ago | Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices \| CISA |
| DARKReading | 6 months ago | Fortinet Warns of Yet Another Critical RCE Flaw |
| Recorded Future | 9 months ago | Fortinet CVE-2023-27997: Impact and Mitigation Techniques |
| CERT-EU | a year ago | Heimdal®’s Semiannual Rundown of the Most Exploited Vulnerabilities of 2023 |
| CERT-EU | a year ago | Unpatched Fortinet Vulnerability Being Exploited by Threat Actors |
| Checkpoint | a year ago | 10th July – Threat Intelligence Report - Check Point Research |
| CERT-EU | a year ago | Cyber Security Week in Review: July 7, 2023 |
| CERT-EU | a year ago | Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk |
| CERT-EU | a year ago | 335,000 Fortinet FortiGate firewalls used in the world could be hacked to install ransomware |
| CERT-EU | a year ago | Fortinet Bug: RUN — Don’t Walk — to Patch Critical RCE |
| CERT-EU | a year ago | Over 300,000+ Fortinet Firewalls are Vulnerable to a Critical RCE Flaw |
| CERT-EU | a year ago | Over Two-Thirds of FortiGate Firewalls Still at Risk |
| CERT-EU | a year ago | Threat Response That Outpaces Cyberattacks |
| Securityaffairs | a year ago | 335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997 |
| CERT-EU | a year ago | Businesses slow to patch critical Fortinet Fortigate vulnerability |