The team will notify you of any actionable new details. If you have any questions, please do not hesitate to reach out to us.
Yours, Team Axon
Posted Jun 13, 2023 - 16:29 UTC
Investigating
Team Axon is aware of a new critical RCE flaw (CVE-2023-27997) affecting FortiGate firewalls. Fortinet devices are popular targets for attacks due to their widespread use as firewall and VPN devices.
The vulnerability, discovered by Lexfo Security researcher Charles Fol (https://twitter.com/cfreal_/status/1667852157536616451), allows unauthorized access pre-authentication on SSL VPN appliances. This means that even with multi-factor authentication enabled, a hostile agent can interfere via the VPN. Fortinet is expected to publish more details in the coming days.
To mitigate the risk, we advise enterprise admins to promptly upgrade Fortigate devices. Security patches have been released for FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5, which are expected to address the vulnerability.
Our team is researching the new vulnerability and will provide updates as more information regarding the vulnerability is published. We’ll privately contact customers that will be found as impacted. If you have any questions or need further assistance, please don’t hesitate to contact us.