Thousands of Fortinet firewalls are unpatched against this serious security bug, so patch now

A patch was released a month ago

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Hundreds of thousands of FortiGatefirewallsare yet to be patched against a flaw being actively used in the wild, experts have revealed.

Cybersecurity researchers from Bishop Fox recently used the Shodan.io search engine for internet-connected devices to look for servers with HTTPS responses that suggested the software was outdated.

The results brought back almost 490,000 Fortinet SSL-VPN internet-exposed interfaces, with roughly two-thirds (338,100 endpoints) being unpatched.

Multiple secure versions

These firewalls are said to be vulnerable to CVE-2023-27997, a heap-based buffer overflow vulnerability with a 9.8 severity score. The flaw affects FortiOS and FortiProxy devices with SSL-VPN enabled. Last night, Fortinet issued a patch, and said that the vulnerable endpoints “may have been exploited in a limited number of cases.”

If you are yet to patch your firewalls, make sure to bring them up to versions 7.2.5, 7.0.12, 6.4.13, or 6.2.15, as all of these are said to have addressed the issue.

Besides urging users to apply the fix, Bishop Fox has also developed a proof of concept (PoC), an exploit abusing the flaw to achieve remote code execution. Through the exploit, the researchers managed to take over the affected network gear. The researchers also found a “handful of devices” running a version of theoperating systemthat’s eight years old.

Fortinet warns VPN users targeted by critical vulnerability>Nasty vulnerability in Fortinet firewalls, proxies abused in real-world attacks>These are the best endpoint protection services today

“I wouldn’t touch those with a 10-foot pole,” commented Caleb Gross, director of capability development at Bishop Fox.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Gross added that their exploit “smashes the heap, connects back to an attacker-controlled server, downloads a BusyBox binary, and opens an interactive shell.”

The vulnerability was first discovered in early June and reported to Fortinet, which released the patch on June 8, and a detailed breakdown of the exploit process a week later, on June 13, The Register reports.

Via:The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days

A new form of macOS malware is being used by devious North Korean hackers

Philips Hue vs Govee: choose the right smart lights for you