Fortinet Issues Critical Patches: Fortinet released firmware updates for Fortigate devices, addressing a critical pre-authentication remote code execution vulnerability in SSL VPN. The updates fix the undisclosed vulnerability and are available for specific FortiOS firmware versions.
It is believed that the updates also address a critical SSL-VPN vulnerability that will be disclosed soon, which could allow malicious actors to interfere with the VPN, even with multi-factor authentication enabled.
Fortinet Issues Critical Patches for a Vulnerability in FortiGate SSL VPN
Key Takeaways:
- Fortinet has released firmware updates for Fortigate devices, addressing a critical pre-authentication remote code execution vulnerability affecting SSL VPN.
- The updates were released for specific FortiOS firmware versions and aimed to fix the undisclosed vulnerability.
- The security patches are believed to have silently addressed a critical SSL-VPN remote code execution vulnerability.
- The vulnerability could enable malicious actors to interfere with the VPN, even if multi-factor authentication is enabled.
- Fortinet has a reputation for releasing security patches before publicly disclosing critical vulnerabilities, allowing customers to update their devices in advance.
- Lexfo Security vulnerability researcher Charles Fol confirmed the inclusion of a fix for a critical remote code execution vulnerability in the latest FortiOS updates.
- The vulnerability, identified as CVE-2023-27997, was reported by Charles Fol and DDXhunter.
- Administrators are urged to promptly apply the patch due to the high risk of exploitation by threat actors.
- Over 250,000 publicly accessible Fortigate firewalls have been identified, indicating a significant number of devices may be exposed.
- Swift action is crucial as SSL-VPN vulnerabilities have been historically exploited shortly after patch releases, leading to data breaches and ransomware attacks.
Fortinet has issued firmware updates for Fortigate devices, addressing a critical undisclosed pre-authentication remote code execution vulnerability affecting SSL VPN.
Firmware Updates to Address Critical SSL VPN Vulnerability
On Friday, Fortinet released security fixes for FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5, addressing the mentioned vulnerability.
Silent Resolution of Critical SSL-VPN Remote Code Execution Vulnerability
Although not explicitly stated in the release notes, security professionals and administrators have suggested that the updates silently addressed a critical SSL-VPN remote code execution (RCE) vulnerability set to be disclosed on Tuesday, June 13th, 2023.
Malicious Actors Exploiting VPN Interference Vulnerability
According to a statement from Olympe Cyberdefense, a French cybersecurity firm, the vulnerability would enable malicious actors to interfere via the VPN, even if multi-factor authentication (MFA) is enabled.
Confirmation Pending Until Release of CVE
Currently, all versions are believed to be affected by the vulnerability, but confirmation of this information is pending until the release of the CVE on June 13, 2023.
Fortinet’s Reputation for Proactive Security Patches
Fortinet has a reputation for releasing security patches before publicly disclosing critical vulnerabilities, allowing customers to update their devices in advance, and preventing threat actors from reverse engineering the patches.
The urgency to Apply Patches and Mitigate Threat Exploitation
Lexfo Security vulnerability researcher Charles Fol has recently revealed additional details to BleepingComputer, stating that the latest FortiOS updates contain a solution for a critical remote code execution (RCE) vulnerability discovered by him and Rioru.
Charles Fol tweeted that Fortinet has released a patch for CVE-2023-27997, the remote code execution vulnerability that he and DDXhunter reported.
“This is reachable pre-authentication, on every SSL VPN appliance. Patch your Fortigate. Details at a later time. #xortigate.”
In a conversation, Fol emphasized the urgency for Fortinet administrators to apply this patch promptly, as there is a high likelihood of threat actors rapidly analyzing and exploiting the vulnerability.
To Ensure System Security, Prompt Implementation of Fortinet’s Security Updates
Given the widespread usage of Fortinet devices as popular firewall and VPN solutions, they remain attractive targets for potential attacks.
Based on a Shodan search, it has been identified that there are over 250,000 publicly accessible Fortigate firewalls. Considering that this vulnerability affects all previous versions, it is highly probable that a significant number of these devices are exposed.
Historically, threat actors have exploited SSL-VPN vulnerabilities shortly after patch releases. These vulnerabilities are frequently exploited to gain initial network access, leading to data breaches and ransomware attacks. Therefore, swift action is crucial to address this issue and mitigate potential risks.
To ensure system security, administrators must promptly implement Fortinet’s security updates as soon as they are released.”
What is FortiGate SSL VPN?
A secure remote access solution offered by the cybersecurity company Fortinet is known as Fortigate SSL VPN. Users can create a secure connection to a private network over the internet using SSL VPN (Secure Sockets Layer Virtual Private Network).
FortiGate SSL VPN lets remote users safely access the private network’s assets and services as if they were physically present there. Fortinet’s FortiGate devices, which are well-known network security appliances, are used to implement SSL VPN technology specifically as Fortigate SSL VPN.
Conclusion
In conclusion, we see an emphasis on the need for prompt application of security updates due to the risk of threat actors rapidly exploiting vulnerabilities. Fortinet’s commendable practice of releasing patches before public disclosure allows customers to update their devices in advance, preventing reverse engineering by threat actors.
Fortinet devices, widely used as firewall and VPN solutions, are frequently targeted by attackers. Administrators must take immediate action to mitigate risks, particularly with a large number of publicly accessible Fortigate firewalls.
