Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks

Fortinet has warned customers that the critical CVE-2023-27997 vulnerability that was patched recently could be a zero-day exploited in limited attacks.

Fortinet warned customers on Monday that the recently patched vulnerability tracked as CVE-2023-27997 could be a zero-day flaw that has been exploited in limited attacks.

News broke over the weekend that updates released by Fortinet for its FortiOS operating system patch CVE-2023-27997, a critical vulnerability that can be exploited by a remote, unauthenticated attacker for arbitrary code execution. 

On Monday, Fortinet confirmed that the latest FortiOS and FortiProxy updates address the flaw, which it has described as a critical heap-based buffer overflow in the SSL-VPN module that can allow a remote hacker to execute arbitrary code or commands using specifically crafted requests.

Fortinet also confirmed that the researchers who broke the news over the weekend, Charles Fol and Dany Bach from French cybersecurity firm Lexfo, were indeed the ones who informed it about the flaw. 

In addition to its advisory, Fortinet on Monday published a blog post clarifying that CVE-2023-27997 is just one of the six FortiOS vulnerabilities resolved with the latest updates. The remaining flaws were discovered internally as part of an audit of the SSL-VPN module that was triggered by the in-the-wild exploitation of CVE-2022-42475.

Exploitation of CVE-2022-42475 has been linked to a Chinese threat actor, which had used it as a zero-day in attacks aimed at government and other types of organizations. 

As for the new zero-day, Fortinet said its investigation found that CVE-2023-27997 “may have been exploited in a limited number of cases”. The company is working with customers to monitor the situation. 

“For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release. If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading,” Fortinet said.

No information has been shared on the attacks potentially exploiting CVE-2023-27997, but the company did clarify that the zero-day is currently not being linked to the recently disclosed Volt Typhoon campaign. 

The Volt Typhoon campaign was detailed by Microsoft in May. The goal of the operation, believed to be the work of a Chinese state-sponsored threat group, has been to steal data from critical infrastructure organizations in the US territory of Guam.

Microsoft said the hackers exploited internet-exposed Fortinet FortiGuard firewalls for initial access. Fortinet believes, based on indicators of compromise (IoCs), that the Volt Typhoon campaign has exploited CVE-2022-40684, a security hole that has been widely exploited for initial access since at least the fall of 2022. 

Related: Chinese Hackers Exploited Fortinet VPN Vulnerability as Zero-Day

Related: Fortinet Finds Zero-Day Exploit in Government Attacks After Devices Detect Integrity Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
