Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now!


In order to fix a serious security hole that might be exploited by a threat actor to execute malware remotely, Fortinet has published patches for its FortiGate firewalls. Identified as CVE-2023-27997, the bug is “reachable pre-authentication, on every SSL VPN appliance,” according to Lexfo Security researcher Charles Fol, who found and reported the flaw.

There are currently no specifics available concerning the security problem, and Fortinet has not yet issued an advisory, though additional information should become available in the coming days. The problem has been fixed in versions 6.2.15, 6.4.13, 7.0.12, and 7.2.5, according to a separate advisory from the French cybersecurity firm Olympe Cyberdefense.

Read More…