In Fortigate’s June PSIRT Advisory Report, Fortigate has published a critical heap-based buffer overflow vulnerability in ForitOS, which has been tracked under a CVE ID CVE-2023-27997. According to the Advisory Report, the flaw has been assigned a CVSS score of 9.2 out of 10 on the scale. The flaw allows a remote attacker to execute arbitrary code or commands using a specifically crafted request on the vulnerable release. Considering its criticality, we urge all Fortigate users to fix the flaw at the earliest. We have published this post to let you know how to fix CVE-2023-2799, a heap-based buffer overflow vulnerability in FortiOS.
Based on research published by BishopFox, approximately more than 330,000 devices are prone to vulnerability. In a comprehensive report unveiled last week, cybersecurity powerhouse Bishop Fox revealed the startling vulnerability scale within the Fortinet SSL-VPN interfaces. Of nearly 490,000 interfaces exposed to the internet’s unpredictable landscape, an alarming 69 percent are unprotected and lacking necessary patches.
FortiOS is the proprietary operating system for Fortinet’s line of network security products, most notably their flagship FortiGate firewall appliances. First released in 2002, FortiOS provides a unified, comprehensive platform for end-to-end security of an organization’s network.
FortiOS offers a broad range of features for security, networking, and management. Some of these features include:
Firewall and VPN: FortiOS provides advanced firewall capabilities and VPN functionality. These are essential for protecting the network from external threats and securely connecting remote users or offices.
Intrusion Prevention System (IPS): IPS is a critical feature in modern network security, providing proactive protection against potential threats and attacks.
Anti-virus and Anti-malware: These capabilities help in detecting and mitigating threats such as viruses, trojans, worms, and other forms of malware.
Data Loss Prevention (DLP): This functionality helps protect sensitive data by preventing unauthorized data transmission from the network.
Traffic Shaping and Quality of Service (QoS): Traffic shaping prioritizes certain types of network traffic over others, improving overall network performance and reliability.
Web Filtering and Email Security: FortiOS also provides web filtering capabilities to block harmful or inappropriate content, as well as robust email security to protect against phishing and spam.
CVE ID: CVE-2023-27997
CVSS Score: 9.2
Severity: Critical
Description: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
The flaw CVE-2023-27997 is a critical heap-based buffer overflow vulnerability that was discovered in the secure socket layer virtual private network (SSL VPN) functionality in FortiOS and FortiProxy in Fortinet devices. This vulnerability has the potential to allow an attacker to execute arbitrary code on the affected device.
The flaw is due to an incorrect length check in the FortiGate SSL VPN, which can be exploited by an attacker to send a specially crafted request to the affected device. If successful, the attacker can execute arbitrary code on the device with the privileges of the SSL VPN service.
The vulnerability can be exploited remotely without the need for any user interaction, making it a critical threat to organizations that use Fortinet devices. This is recommended to fix the CVE-2023-27997 vulnerability as soon as possible.
The vulnerability affects a wide range of Fortinet devices, including FortiOS and FortiProxy.
Products Affected:
FortiOS-6K7K version 7.0.10
FortiOS-6K7K version 7.0.5
FortiOS-6K7K version 6.4.12
FortiOS-6K7K version 6.4.10
FortiOS-6K7K version 6.4.8
FortiOS-6K7K version 6.4.6
FortiOS-6K7K version 6.4.2
FortiOS-6K7K version 6.2.9 through 6.2.13
FortiOS-6K7K version 6.2.6 through 6.2.7
FortiOS-6K7K version 6.2.4
FortiOS-6K7K version 6.0.12 through 6.0.16
FortiOS-6K7K version 6.0.10
FortiProxy version 7.2.0 through 7.2.3
FortiProxy version 7.0.0 through 7.0.9
FortiProxy version 2.0.0 through 2.0.12
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
FortiOS version 7.2.0 through 7.2.4
FortiOS version 7.0.0 through 7.0.11
FortiOS version 6.4.0 through 6.4.12
FortiOS version 6.2.0 through 6.2.13
FortiOS version 6.0.0 through 6.0.16
FortiSASE is no longer impacted, issue remediated Q2/23
Fortinet has released patches for the affected versions of FortiOS and FortiProxy. It is strongly recommended to update to the latest available patch as soon as possible to fix CVE-2023-27997. All the users of the vulnerable version of FrotiOS and FortiProxy are advised to upgrade their appliances to these versions.
Product | Vulnerable Version | Patch Version |
FortiOS-6K7K | FortiOS-6K7K version 7.0.10 FortiOS-6K7K version 7.0.5 FortiOS-6K7K version 6.4.12 FortiOS-6K7K version 6.4.10 FortiOS-6K7K version 6.4.8 FortiOS-6K7K version 6.4.6 FortiOS-6K7K version 6.4.2 FortiOS-6K7K version 6.2.9 through 6.2.13 FortiOS-6K7K version 6.2.6 through 6.2.7 FortiOS-6K7K version 6.2.4 FortiOS-6K7K version 6.0.12 through 6.0.16 FortiOS-6K7K version 6.0.10 | Please upgrade to FortiOS-6K7K version 7.0.12 or above Please upgrade to FortiOS-6K7K version 6.4.13 or above Please upgrade to FortiOS-6K7K version 6.2.15 or above Please upgrade to FortiOS-6K7K version 6.0.17 or above |
FortiProxy | FortiProxy version 7.2.0 through 7.2.3 FortiProxy version 7.0.0 through 7.0.9 FortiProxy version 2.0.0 through 2.0.12 FortiProxy 1.2 all versions FortiProxy 1.1 all versions | Please upgrade to FortiProxy version 7.2.4 or above Please upgrade to FortiProxy version 7.0.10 or above Please upgrade to FortiProxy version 2.0.13 or above |
FortiOS | FortiOS version 7.2.0 through 7.2.4 FortiOS version 7.0.0 through 7.0.11 FortiOS version 6.4.0 through 6.4.12 FortiOS version 6.2.0 through 6.2.13 FortiOS version 6.0.0 through 6.0.16 | Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiOS version 6.2.14 or above Please upgrade to FortiOS version 6.0.17 or above |
To fix the CVE-2023-27997 vulnerability in FortiOS, users should upgrade the vulnerable versions to the patched versions. Let’s see how to fix the fix CVE-2022-40684, a heap-based buffer overflow vulnerability in FortiOS.
If you want to go for the manual upgrade process, download the upgrade image from https://support.fortinet.com, go to the ‘File Upload’ tab and upload the image.
Log into the FortiGate GUI as the admin administrative user.
Go to System > Fabric Management. The Firmware Version column displays the version and either (Feature) or (Mature).
Select the FortiGate, and click upgrade. The FortiGate Upgrade pane opens.
Click All Upgrades. The available firmware versions are displayed.
You can instruct FortiOS to follow the upgrade path (referred to as a federated upgrade) or upgrade directly to the selected firmware version. And Follow upgrade path is selected. According to the upgrade path, the device can be automatically upgraded.
Select Follow upgrade path, and click Confirm and Backup Config. Then click Continue to initiate the upgrade. The FortiGate will take the backup of current configurations, transfer to the management computer, uploads the firmware image file, upgrade the firmware, and at last, reboot itself. This completes the upgradation of the FrotiOS.
We hope this post would help you know How to Fix CVE-2023-2799, a critical heap-based buffer overflow vulnerability in FortiOS and FortiProxy. Please share this post and help secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.
You may also like these articles:
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”
"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.
BurpGPT is a cutting-edge Burp Suite extension that harnesses the power of OpenAI's language models to revolutionize web application security testing. With customizable prompts and advanced AI capabilities, BurpGPT enables security professionals to uncover bespoke vulnerabilities, streamline assessments, and stay ahead of evolving threats.
PentestGPT, developed by Gelei Deng and team, revolutionizes penetration testing by harnessing AI power. Leveraging OpenAI's GPT-4, it automates and streamlines the process, making it efficient and accessible. With advanced features and interactive guidance, PentestGPT empowers testers to identify vulnerabilities effectively, representing a significant leap in cybersecurity.
Tenable BurpGPT is a powerful Burp Suite extension that leverages OpenAI's advanced language models to analyze HTTP traffic and identify potential security risks. By automating vulnerability detection and providing AI-generated insights, BurpGPT dramatically reduces manual testing efforts for security researchers, developers, and pentesters.
Microsoft Security Copilot is a revolutionary AI-powered security solution that empowers cybersecurity professionals to identify and address potential breaches effectively. By harnessing advanced technologies like OpenAI's GPT-4 and Microsoft's extensive threat intelligence, Security Copilot streamlines threat detection and response, enabling defenders to operate at machine speed and scale.