Fortinet has patched a critical FortiGate vulnerability that can be exploited by unauthenticated attackers to remotely execute code, according to the researchers who reported the flaw to Fortinet.
The vulnerability is tracked as CVE-2023-27997 and was discovered by researchers at French aggressive IT security company Lexfo.
One of the researchers, Charles Fol, said on Twitter: Impact of vulnerability It connects to all SSL VPN appliances and can be exploited to execute remote code without authentication.
Fortinet has not yet released an advisory for the flaw, but French cybersecurity firm Olympus CyberDefense reported that an advisory will be released on June 13.
The company said the security hole affects the FortiGate firewall’s SSL VPN functionality, allowing attackers to “interfere via the VPN.”
FortiOS 7.0.12, 7.2.5, 6.4.13, and 6.2.15 are reported to contain the patch.
Vulnerabilities affecting Fortinet products are often exploited by attackers, both cyber espionage and profit-seeking cyber criminals, before patches are released.
CISA’s Catalog of Known Exploited Vulnerabilities currently lists ten Fortinet product vulnerabilities that have been exploited in attacks by malicious actors since 2018.
Related: Fortinet Fixes Critical Vulnerability in Data Analytics Solution
Related: Chinese Hackers Zero-Day Attack on Fortinet VPN Vulnerability
Related: Fortinet Finds Zero-Day Exploit in Government Attack After Device Detects Integrity Compromise
Related: Fortinet Fixes Critical Uncertified RCE Vulnerability in FortiOS
