Mogilevich

Urgent Patch Required: Thousands of Unpatched Fortinet Firewalls Vulnerable to Exploits

Experts have uncovered a serious security flaw in FortiGate firewalls, revealing that hundreds of thousands of devices are yet to be patched against the vulnerability. The flaw, known as CVE-2023-27997, is a heap-based buffer overflow vulnerability affecting FortiOS and FortiProxy devices with SSL-VPN enabled. Cybersecurity researchers have issued a warning and urged users to apply the patch released by Fortinet to protect their systems from potential exploits.

The extent of the Issue:

Using the Shodan.io search engine, researchers from Bishop Fox found approximately 490,000 Fortinet SSL-VPN internet-exposed interfaces, with around two-thirds (338,100 endpoints) remaining unpatched. These vulnerable firewalls pose a significant security risk, as the flaw could be actively exploited by threat actors.

Patch and Mitigation:

Fortinet has released a patch to address the vulnerability and has identified specific versions of the software that have fixed the issue. Users are advised to update their firewalls to versions 7.2.5, 7.0.12, 6.4.13, or 6.2.15, as these versions are confirmed to have addressed the vulnerability. It is crucial for organizations to promptly apply the patch to protect their systems and prevent potential unauthorized access.

Proof of Concept Exploit:

Bishop Fox has developed a proof of concept (PoC) exploit that demonstrates the severity of the vulnerability. The exploit enables remote code execution, allowing attackers to take control of the affected network gear. The researchers emphasize the urgency of applying the patch, as they were able to exploit the vulnerability successfully and gain unauthorized access to the vulnerable devices.

Outdated Systems:

In their investigation, Bishop Fox also discovered that a few devices were running an operating system version that is eight years old. It is highly recommended to keep all software and firmware up to date to ensure the latest security patches and enhancements are applied.

The presence of unpatched Fortinet firewalls poses a significant security risk, as threat actors actively exploit the vulnerability. Users are urged to apply the available patch promptly and update their firewalls to the recommended versions. Keeping software and firmware up to date is crucial in maintaining secure network infrastructure and protecting against potential exploits.