According to Bishop Fox, despite a patch provided in June, a critical bug in FortiGate firewalls that might allow attackers to take control of devices has not been addressed on more than 338,000 devices.
CVE-2023-27997, with a CVSS score of 9.8 out of 10, is a heap-based buffer overflow vulnerability that affects FortiOS and FortiProxy devices that have SSL-VPN enabled. Fortinet fixed it on June 8, however many devices have yet to be updated.
Researchers from Bishop Fox developed an exploit for the vulnerability that can be used to gain remote code execution on affected devices. They also found that a handful of devices are still running eight-year-old FortiOS software, which is even more vulnerable to attack. It did not stop there, as it investigation identified approximately 490,000 Fortinet SSL-VPN interfaces exposed on the internet, with 69 percent (338,100) remaining unpatched.
Bishop Fox went on to demonstrate how the vulnerability could impair the system by causing heap damage, connecting to an attacker-controlled site, downloading a BusyBox file, and creating a shell.
The sources for this piece include an article in TheRegister.