CVE-2023-27997 - Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability

CVE-2023-27997: Fortinet | FortiOS and FortiProxy SSL-VPN

Date Added:
2023-06-13

Due Date:
2023-07-04

Vulnerability Name: Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability

Description: Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.

Known To Be Used in Ransomware Campaigns?: Known

Action: Apply updates per vendor instructions.

Additional Notes: https://www.fortiguard.com/psirt/FG-IR-23-097; https://nvd.nist.gov/vuln/detail/CVE-2023-27997

Related News Articles

Fortinet warns of new critical FortiManager flaw used in zero-day attacksOctober 23, 2024

Google: 70% of exploited flaws disclosed in 2023 were zero-daysOctober 17, 2024

RansomHub Ransomware Group Targets 210 Victims Across Critical SectorsSeptember 2, 2024

Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR MalwareJuly 31, 2024

Exploit released for maximum severity Fortinet RCE bug, patch nowMay 29, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard