According to the National Vulnerability Database (2023), CVE-2023-27997 which is a heap-based buffer overflow vulnerability remains unpatched in Fortinet Firewalls. There are over 300,000 firewalls that have not been patched and remain vulnerable, that’s a whopping 69% (Gross, 2023).
This vulnerability impacts the FortiOS and FortiProxy SSL_VPN appliances that can allow attackers to execute codes and commands. In the image above provided by Gross’s report, the exploit smashes the heap, connects back to the attacker’s server, downloads a BusyBox binary, and opens an interactive shell.
It’s imperative that businesses using Fortinet firewalls patch up their systems. Patches have been released for versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5. Attacks have been geared toward government, manufacturing, and critical infrastructure sectors.