CVE-2023-27997 - Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Project: Fortinet
Product: FortiOS and FortiProxy SSL-VPN
Date Added: 2023-06-13
Due Date: 2023-07-04
Vulnerability Name
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Description
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://www.fortiguard.com/psirt/FG-IR-23-097
https://nvd.nist.gov/vuln/detail/CVE-2023-27997
Related News Articles
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit - April 12, 2025
Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices - April 12, 2025
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks - April 12, 2025
Chinese APT Group Is Ransacking Japan's Secrets - January 10, 2025
MirrorFace hackers targeting Japanese govt, politicians since 2019 - January 10, 2025