Fortinet patches critical flaw in Fortigate devices


Cybersecurity company Fortinet has issued patches for a previously undetected critical flaw in Fortigate firewalls.

The company said a remote code execution (RCE) flaw has been affected in multiple Fortigate devices with SSL-VPN enabled. Fortigate is a next-generation firewall device that, according to Fortinet, delivers “unparalleled AI-powered security performance and threat intelligence, along with full visibility and security and networking convergence.”

By abusing the flaw (CVE-2023-27997), threat actors could gain remote code execution rights on the affected system and perform unauthorized actions.

The patches were released last Friday for FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5.

All organizations are urged to apply the available patches immediately, as well as investigate networks for signs of compromise.

At the end of last year, Fortinet acknowledged that threat actors had been exploiting another critical bug (CVE-2022-40684) affecting FortiOS, FortiProxy, and FortiSwithManager.

In 2021, the company found itself under the spotlight as a threat actor allegedly scraped nearly 500,000 Fortinet VPN user credentials from unsecured devices and then shared them on a newly-launched hacker forum.


More from Cybernews:

I’m addicted to apps and I’m not asking to be rescued

The University of Manchester hit with cyberattack

Hackers have been sitting on MOVEit bug for 2 years

French Senate gives green light to surveillance through cameras and microphones

ANOM ‘sting’ app leads to $5M bounty offer by FBI

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked