    Critical FortiOS and FortiProxy Vulnerability Likely Exploited

    By justmattg | June 13, 2023

    Jun 13, 2023Ravie LakshmananNetwork Security / Vulnerability

    Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been “exploited in a limited number of cases” in attacks targeting government, manufacturing, and critical infrastructure sectors.

    The vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), is a heap-based buffer overflow in FortiOS and FortiProxy SSL-VPN that could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

    LEXFO security researchers Charles Fol and Dany Bach have been credited with discovering and reporting the flaw. It was addressed by Fortinet on June 9, 2023, in the following versions:

    • FortiOS-6K7K version 7.0.12 or above
    • FortiOS-6K7K version 6.4.13 or above
    • FortiOS-6K7K version 6.2.15 or above
    • FortiOS-6K7K version 6.0.17 or above
    • FortiProxy version 7.2.4 or above
    • FortiProxy version 7.0.10 or above
    • FortiProxy version 2.0.13 or above
    • FortiOS version 7.4.0 or above
    • FortiOS version 7.2.5 or above
    • FortiOS version 7.0.12 or above
    • FortiOS version 6.4.13 or above
    • FortiOS version 6.2.14 or above, and
    • FortiOS version 6.0.17 or above
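
The version list above can be turned into an inventory check. The following is an added example, not code from Fortinet or the article; it assumes each listed entry applies only to its own major.minor branch and reports unlisted branches as "unknown", and the hostnames and the function names are hypothetical.

```python
import re

# Minimum fixed release per product and branch, copied from the article's list.
# Assumption of this example: each entry covers only its own major.minor
# branch; branches the article does not list are reported as "unknown".
FIXED = {
    "FortiOS-6K7K": ["7.0.12", "6.4.13", "6.2.15", "6.0.17"],
    "FortiProxy": ["7.2.4", "7.0.10", "2.0.13"],
    "FortiOS": ["7.4.0", "7.2.5", "7.0.12", "6.4.13", "6.2.14", "6.0.17"],
}

def parse_version(text):
    """Return (major, minor, patch) as integers from '7.0.11' or 'v7.0.11'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def patch_status(product, version):
    """Classify one device as 'fixed', 'needs_update' or 'unknown'."""
    if product not in FIXED:
        return "unknown"
    major, minor, patch = parse_version(version)
    for fixed in FIXED[product]:
        f_major, f_minor, f_patch = parse_version(fixed)
        if (major, minor) == (f_major, f_minor):
            # Integer comparison, so 7.0.9 correctly sorts below 7.0.12.
            return "fixed" if patch >= f_patch else "needs_update"
    return "unknown"  # branch not in the article's list: consult the vendor advisory

def triage(inventory):
    """Map hostname -> status for (hostname, product, version) rows."""
    return {host: patch_status(product, ver) for host, product, ver in inventory}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("vpn-edge-01", "FortiOS", "v7.0.11"),
    ("vpn-edge-02", "FortiOS", "7.2.5"),
    ("chassis-01", "FortiOS-6K7K", "6.2.14"),
    ("proxy-01", "FortiProxy", "7.0.9"),
    ("proxy-02", "FortiProxy", "1.2.13"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Note that the 6.2 branch has different thresholds for FortiOS (6.2.14) and FortiOS-6K7K (6.2.15), which is why the product name is part of the lookup.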

    The company, in an independent disclosure, said the issue was simultaneously discovered during a code audit that was prudently initiated following the active exploitation of a similar flaw in the SSL-VPN product (CVE-2022-42475, CVSS score: 9.3) in December 2022.

    Fortinet further said it is not attributing the exploitation events at this stage to a Chinese state-sponsored actor codenamed Volt Typhoon, which was disclosed by Microsoft last month as leveraging an unknown zero-day flaw in internet-facing Fortinet FortiGuard devices to gain initial access to target environments.

    However, it noted that it “expects all threat actors, including those behind the Volt Typhoon campaign, to continue to exploit unpatched vulnerabilities in widely used software and devices.”

    In light of active in-the-wild abuse, the company is recommending that customers take immediate action to update to the latest firmware version to avert potential risks.

    “Fortinet continues to monitor the situation and has been proactively communicating to customers, strongly urging them to immediately follow the guidance provided to mitigate the vulnerability using either the provided workarounds or by upgrading,” the company told The Hacker News.
