FortiOS Buffer Overflow Vulnerability Could Lead to Arbitrary Code Execution
CVE-2023-27997

9.2CRITICAL

Key Information:

Vendor
Fortinet
Status
FortiOS-6k7k
Fortiproxy
FortiOS
Vendor
CVE Published:
13 June 2023

Badges

πŸ’° RansomwareπŸ‘Ύ Exploit Exists🟑 Public PoCπŸ¦… CISA ReportedπŸ“° News Worthy

Summary

A heap-based buffer overflow vulnerability in FortiOS and FortiProxy allows remote attackers to execute arbitrary code or commands. By sending specially crafted requests, attackers can exploit this vulnerability, affecting multiple versions of both FortiOS and FortiProxy products. This raises significant security concerns for organizations using these products, as unaddressed vulnerabilities can lead to severe consequences.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

FortiOS 7.2.0 <= 7.2.4

FortiOS 7.0.0 <= 7.0.11

FortiOS 6.4.0 <= 6.4.12

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-27997-check
Created by BishopFox

xortigate-cve-2023-27997
Created by lexfo

CVE-2023-27997-POC
Created by rio128128

News Articles

πŸ”—Trend Micro

Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals.

3 months ago

πŸ”—www.thestack.technology

Fortinet patches MORE pre-auth RCEs, with exploits reported. Ivanti also slips out a fresh VPN fix...

"Disable SSL VPN (disable webmode is NOT a valid workaround..."

1 year ago

πŸ”—CSO Online

Fortinet urges patching N-day bug amid ongoing nation-state exploitation

The flaw has a critical severity rating with a CVSS score of 9.6 and allows a remote unauthenticated actor to execute arbitrary commands by specially crafted HTTP requests.

1 year ago

References

https://fortiguard.com/psirt/FG-IR-23-097

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ“°

    First article discovered by CSO Online

  • πŸ’°

    Used in Ransomware

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ¦…

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.