338,000 unpatched FortiGate firewalls vulnerable to critical bug


According to Bishop Fox, a critical bug in FortiGate firewalls that can let attackers take control of the device remains unpatched on more than 338,000 internet-facing devices, even though Fortinet shipped a fix in June.

CVE-2023-27997, rated 9.8 out of 10 on the CVSS scale, is a heap-based buffer overflow in FortiOS and FortiProxy that is reachable when SSL-VPN is enabled. Fortinet released the fix on June 8, but many devices have still not been updated. Administrators can confirm whether a device is affected by checking that SSL-VPN is enabled and comparing the running FortiOS or FortiProxy version against the fixed releases listed in Fortinet's advisory for this CVE.

Bishop Fox researchers developed a working exploit for the vulnerability that achieves remote code execution on affected devices. They also found a handful of devices still running eight-year-old FortiOS releases, which carry many additional known vulnerabilities. Their investigation identified roughly 490,000 Fortinet SSL-VPN interfaces exposed on the internet, of which 69 percent (338,100) remained unpatched.

Bishop Fox also demonstrated the full attack chain: the exploit corrupts the heap, makes the device connect back to an attacker-controlled server, downloads a BusyBox binary, and spawns an interactive shell on the firewall.

The sources for this piece include an article in TheRegister.
