CVE-2023-27997 - Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability

CVE-2023-27997: Fortinet | FortiOS and FortiProxy SSL-VPN

Date Added:
2023-06-13

Due Date:
2023-07-04

Vulnerability Name: Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability

Description: Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply updates per vendor instructions.

Additional Notes: https://www.fortiguard.com/psirt/FG-IR-23-097; https://nvd.nist.gov/vuln/detail/CVE-2023-27997