Multiple versions of Fortinet Fortigate devices have been found to have a serious vulnerability when SSL VPN is enabled. This leak makes it easy for hackers to penetrate your Fortigate firewall, with all the consequences that entails.
This vulnerability - designated CVE-2023-27997 - has a rating of 9.2 on a scale of 10.
Two-step authentication offers no protection. The vulnerability affects requests in the pre-authentication phase of SSL-VPN.
69% of firewalls still not patched
One month after this notification, 69% of the Fortigate firewalls still have not received a software update. Be sure to patch your firewalls right away to prevent damage.
Patch for CVE-2023-27997
Is your Fortinet's SSL VPN functionality activated? Then it is very important to protect your Fortinet firewall and thus your ICT network.
Patch your equipment to the latest version:
- 6.0.17
- 6.2.15
- 6.4.13
- 7.0.12
- 7.2.5
Complex Update CVE-2023-27997 - Highest Priority
All Fortinet firewalls of customers managed by us were immediately updated by our engineers on the same day of the patch release. This has resolved the SSL-VPN vulnerability.
Due to the complexity, we advise you to have the patch performed by a specialist. Our engineers know exactly how to help you.
Source reference:
Link 3: https://bishopfox.com/blog/cve-2023-27997-exploitable-and-fortigate-firewalls-vulnerable
Need help with this patch?
Have you not patched this serious vulnerability yet?
Are you unsure which version your Fortinet equipment has?
Contact us for a swift and secure solution.
