CVE-2023-27997: Fortinet FortiGate SSL VPN Pre-Auth RCE Vulnerability

In the digital universe, one of the gravest concerns that plague network security administrators is the constant threat of security vulnerabilities. Fortinet, a frontrunner in the industry, offering advanced solutions to secure and simplify network infrastructures, recently faced this reality. The security flaw in question, recognized as CVE-2023-27997, poses a significant risk to the Fortinet FortiGate SSL VPN.

FortiGate, a product of Fortinet, has cemented its place in providing an impeccable security infrastructure, from remote offices, and small businesses to expansive campuses, data centers, and cloud deployments. However, even such robust systems can fall victim to vulnerabilities, as was the case with the recent heap-based buffer overflow bug, impacting its SSL VPN functionalities.

Fortinet issued an update recently, following the discovery of a vulnerability that could allow unauthenticated remote code execution on devices. The flaw, CVE-2023-27997, is a heap-based buffer overflow bug. This bug, when exploited, can enable unauthenticated users to crash devices remotely and potentially execute code.

The SSL VPN functionalities of FortiGate are at the core of this vulnerability. SSL VPNs are instrumental in providing secure remote access to an organization’s network. However, the exploitation of this flaw could potentially breach this secure channel, leading to disastrous outcomes for the network’s security integrity.

Researchers @DDXhunter and @cfreal_ deserve credit for discovering and reporting this dangerous flaw to Fortinet. The fact that this bug could be reachable pre-authentication, on every SSL VPN appliance, was underscored by researcher @cfreal_ on Twitter. This means, in the absence of any necessary authentication, every SSL VPN device could potentially be exposed to this vulnerability.

In response to the vulnerability, Fortinet has published fixes for this flaw, which are included in versions 7.2.5, 7.0.12, 6.4.13, 6.2.15, and 6.0.17. Users are strongly encouraged to update their systems to these versions to ensure the security of their networks.

At present, it remains uncertain whether this vulnerability has been exploited by hackers in the wild. However, the swift discovery and response serve as a testament to the importance of ongoing vigilance in cybersecurity.

More information about this flaw is expected to be published on June 13, 2023. Until then, it remains a clear reminder of the persistent threats lurking in the digital world, even within the most trusted security infrastructures.

Update: June 13, 2023

Fortinet released a security advisory for this flaw with a CVSS score of 9.2.

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

Source: Twitter [1, 2, 3]