Fortinet says a critical FortiOS SSL VPN vulnerability that was patched last week "may have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organizations.
The flaw (tracked as CVE-2023-27997 / FG-IR-23-097) is a heap-based buffer overflow weakness in FortiOS and FortiProxy SSL-VPN that can let unauthenticated attackers gain remote code execution (RCE) via maliciously crafted requests.
CVE-2023-27997 was discovered during a code audit of the SSL-VPN module following another recent set of attacks against government organizations exploiting the CVE-2022-42475 FortiOS SSL-VPN zero-day.
On Friday, Fortinet released security updates to address the vulnerability before disclosing more details today.
This isn't the first time the company has pushed patches before disclosing critical vulnerabilities, to give customers time to secure their devices before threat actors reverse engineer the fixes to create exploits.
"Our investigation found that one issue (FG-IR-23-097) may have been exploited in a limited number of cases and we are working closely with customers to monitor the situation," Fortinet said in a report published on Monday.
"As a result, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.
"If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading."
More than 250,000 Fortigate firewalls are exposed on the Internet, according to Shodan, and it's highly likely that a significant number are also currently vulnerable to attacks, considering that this bug impacts all previous firmware versions.
Volt Typhoon connections
While it did not make any links to the recently disclosed Volt Typhoon attacks targeting critical infrastructure organizations across the United States, Fortinet did mention the possibility that the Chinese cyberespionage group could also target the CVE-2023-27997 flaw.
"At this time we are not linking FG-IR-23-097 to the Volt Typhoon campaign, however Fortinet expects all threat actors, including those behind the Volt Typhoon campaign, to continue to exploit unpatched vulnerabilities in widely used software and devices," the company said.
"As a result, Fortinet urges immediate and ongoing mitigation through an aggressive patching campaign."
Volt Typhoon is known for hacking into Internet-exposed Fortinet FortiGuard devices via an unknown zero-day vulnerability to gain access to the networks of organizations in a wide range of critical sectors.
The threat actors also use compromised routers, firewalls, and VPN appliances from multiple vendors to evade detection by ensuring their malicious activity blends in with legitimate network traffic.
Fortinet said today that they are mainly targeting devices unpatched against CVE-2022-40684, an authentication bypass vulnerability in FortiOS / FortiProxy / FortiSwitchManager devices, for initial access.
However, as previously mentioned, the threat actors are expected to also start abusing new vulnerabilities as they are disclosed.