Urgent Patch Required: Thousands of Unpatched Fortinet Firewalls Vulnerable to Exploits
Experts have uncovered a serious security flaw in FortiGate firewalls, revealing that hundreds of thousands of devices are yet to be patched against the vulnerability. The flaw, known as CVE-2023-27997, is a heap-based buffer overflow vulnerability affecting FortiOS and FortiProxy devices with SSL-VPN enabled. Cybersecurity researchers have issued a warning and urged users to apply the patch released by Fortinet to protect their systems from potential exploits.
The extent of the Issue:
Using the Shodan.io search engine, researchers from Bishop Fox found approximately 490,000 Fortinet SSL-VPN internet-exposed interfaces, with around two-thirds (338,100 endpoints) remaining unpatched. These vulnerable firewalls pose a significant security risk, as the flaw could be actively exploited by threat actors.