Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution.
The vulnerability, tracked as CVE-2023-27997, is “reachable pre-authentication, on every SSL VPN appliance,” Lexfo Security researcher Charles Fol, who discovered and reported the flaw alongside Dany Bach, said in a tweet over the weekend.
Details about the security flaw are currently withheld and Fortinet is yet to release an advisory, although the network security company is expected to publish more details in the coming days.
French cybersecurity company Olympe Cyberdefense, in an independent alert, said the issue has been patched in versions 6.2.15, 6.4.13, 7.0.12, and 7.2.5.
“The flaw would allow a hostile agent to interfere via the VPN, even if the MFA is activated,” the firm noted.
images from Hacker News