Fortinet Releases Urgent Patches for Critical Pre-Authentication RCE Vulnerability in Fortigate SSL-VPN Devices

12 June 2023 [NO.TCSA : 20230612-1-1-P]

PUBLISHED:
12 June 2023

Fortinet Releases Urgent Patches for Critical Pre-Authentication RCE Vulnerability in Fortigate SSL-VPN Devices

Fortinet, a leading provider of network security appliances, recently issued firmware updates for its FortiGate devices to address a critical pre-authentication remote code execution (RCE) vulnerability in SSL VPN devices. The vulnerability, assigned the identifier CVE-2023-27997, if exploited, could allow a hostile agent to interfere with the VPN, even when multi-factor authentication (MFA) is activated.

Affected Versions

The vulnerability affects all versions of Fortigate SSL-VPN devices. However, it is believed that all previous versions are likely exposed to this vulnerability.

Mitigation

Fortinet has released security patches for the affected versions. It is highly recommended that administrators apply these updates as soon as possible. The patches can be found in the latest FortiOS firmware updates.

More Information

Critical Linux Kernel Vulnerability Allows Unprivileged Local Users to Gain Root Privileges (CVE-2026-31431)

READ MORE READ MORE

Critical Microsoft SharePoint Flaw Exploitations in the Wild

READ MORE READ MORE
15 January 2025 [NO.TCSA : 20250115-1-1-E]

Auth Bypass Vulnerability Exploited in Wild to Hijack Fortinet Firewalls

READ MORE READ MORE
Read More BACK TO THREAT BULLETIN