12 June 2023 [NO.TCSA : 20230612-1-1-P]
Fortinet, a leading provider of network security appliances, recently issued firmware updates for its FortiGate devices to address a critical pre-authentication remote code execution (RCE) vulnerability in SSL VPN devices. The vulnerability, assigned the identifier CVE-2023-27997, if exploited, could allow a hostile agent to interfere with the VPN, even when multi-factor authentication (MFA) is activated.
The vulnerability affects all versions of FortiGate SSL-VPN devices, and it is believed that all previous versions are likely exposed to this vulnerability.
Fortinet has released security patches for the affected versions. It is highly recommended that administrators apply these updates as soon as possible. The patches can be found in the latest FortiOS firmware updates.