fortinet fortigate

Don’t regret it later: Fortinet’s FortiGate needs to be patched

2 Mins Read

PUREVPNPureVPN NewsDon’t regret it later: Fortinet’s FortiGate needs to be patched

Fortinet has recently released new firmware updates for FortiGate devices. These updates address a critical vulnerability that allows pre-authentication remote code execution in SSL VPN devices. The security fixes were quietly included in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5, although they were not explicitly mentioned in the release notes.

According to cybersecurity firm Olympe Cyberdefense, the flaw could enable unauthorized access through the VPN, even if multi-factor authentication (MFA) is enabled. While all versions of FortiGate devices are believed to be affected, confirmation is expected with the release of the CVE on June 13, 2023.

Source: NIST

Fortinet thinks ahead

Fortinet typically releases security patches before disclosing critical vulnerabilities to give customers time to update their devices before malicious actors can analyze and exploit the patches.

Additional information has been disclosed by Lexfo Security vulnerability researcher Charles Fol, who reported discovering a critical remote code execution vulnerability, CVE-2023-27997, in FortiOS. This vulnerability can be exploited pre-authentication on any SSL VPN appliance. Fol emphasizes the urgency of patching Fortigate devices, as threat actors are likely to analyze and exploit the vulnerability quickly.

FortiGate devices are widely used for firewall and VPN purposes, making them attractive attack targets. A Shodan search reveals that over 250,000 FortiGate firewalls can be accessed from the internet, and since this vulnerability affects previous versions, a significant number of devices are potentially exposed.

Historically, threat actors have exploited SSL-VPN flaws shortly after patches are released, often using them to gain initial network access for data theft and ransomware attacks. Therefore, administrators should promptly apply the Fortinet security updates as soon as they are available.

Conclusive facts

Vulnerabilities happen! Cyberspace is full of holes that can be filled by either the bad or good ones. So, if good ones come forth first, they must be encouraged rather than criticized. This is because bad ones are waiting day and night to exploit your safe space in unbelievable ways. Stay safe! Always patch! Keep yourself updated!

author

Sameed Ajax

date

June 12, 2023

time

1 year ago

6-Feet Tall Tech writer.

Have Your Say!!

Join 3 million+ users to embrace internet freedom

Signup for PureVPN to get complete online security and privacy with a hidden IP address and encrypted internet traffic.