In Fortigate’s June PSIRT Advisory Report, Fortigate has published a critical heap-based buffer overflow vulnerability in ForitOS, which has been tracked under a CVE ID CVE-2023-27997. According to the Advisory Report, the flaw has been assigned a CVSS score of 9.2 out of 10 on the scale. The flaw allows a remote attacker to execute arbitrary code or commands using a specifically crafted request on the vulnerable release. Considering its criticality, we urge all Fortigate users to fix the flaw at the earliest. We have published this post to let you know how to fix CVE-2023-2799, a heap-based buffer overflow vulnerability in FortiOS.
Based on research published by BishopFox, approximately more than 330,000 devices are prone to vulnerability. In a comprehensive report unveiled last week, cybersecurity powerhouse Bishop Fox revealed the startling vulnerability scale within the Fortinet SSL-VPN interfaces. Of nearly 490,000 interfaces exposed to the internet’s unpredictable landscape, an alarming 69 percent are unprotected and lacking necessary patches.
A Short Note About FortiOS
FortiOS is the proprietary operating system for Fortinet’s line of network security products, most notably their flagship FortiGate firewall appliances. First released in 2002, FortiOS provides a unified, comprehensive platform for end-to-end security of an organization’s network.
FortiOS offers a broad range of features for security, networking, and management. Some of these features include:
- Firewall and VPN: FortiOS provides advanced firewall capabilities and VPN functionality. These are essential for protecting the network from external threats and securely connecting remote users or offices.
- Intrusion Prevention System (IPS): IPS is a critical feature in modern network security, providing proactive protection against potential threats and attacks.
- Anti-virus and Anti-malware: These capabilities help in detecting and mitigating threats such as viruses, trojans, worms, and other forms of malware.
- Data Loss Prevention (DLP): This functionality helps protect sensitive data by preventing unauthorized data transmission from the network.
- Traffic Shaping and Quality of Service (QoS): Traffic shaping prioritizes certain types of network traffic over others, improving overall network performance and reliability.
- Web Filtering and Email Security: FortiOS also provides web filtering capabilities to block harmful or inappropriate content, as well as robust email security to protect against phishing and spam.
Summary of CVE-2023-27997
CVE ID: CVE-2023-27997
CVSS Score: 9.2
Description: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
The flaw CVE-2023-27997 is a critical heap-based buffer overflow vulnerability that was discovered in the secure socket layer virtual private network (SSL VPN) functionality in FortiOS and FortiProxy in Fortinet devices. This vulnerability has the potential to allow an attacker to execute arbitrary code on the affected device.
The flaw is due to an incorrect length check in the FortiGate SSL VPN, which can be exploited by an attacker to send a specially crafted request to the affected device. If successful, the attacker can execute arbitrary code on the device with the privileges of the SSL VPN service.
The vulnerability can be exploited remotely without the need for any user interaction, making it a critical threat to organizations that use Fortinet devices. This is recommended to fix the CVE-2023-27997 vulnerability as soon as possible.
FortiOS Versions Vulnerable to CVE-2023-27997
The vulnerability affects a wide range of Fortinet devices, including FortiOS and FortiProxy.
- FortiOS-6K7K version 7.0.10
- FortiOS-6K7K version 7.0.5
- FortiOS-6K7K version 6.4.12
- FortiOS-6K7K version 6.4.10
- FortiOS-6K7K version 6.4.8
- FortiOS-6K7K version 6.4.6
- FortiOS-6K7K version 6.4.2
- FortiOS-6K7K version 6.2.9 through 6.2.13
- FortiOS-6K7K version 6.2.6 through 6.2.7
- FortiOS-6K7K version 6.2.4
- FortiOS-6K7K version 6.0.12 through 6.0.16
- FortiOS-6K7K version 6.0.10
- FortiProxy version 7.2.0 through 7.2.3
- FortiProxy version 7.0.0 through 7.0.9
- FortiProxy version 2.0.0 through 2.0.12
- FortiProxy 1.2 all versions
- FortiProxy 1.1 all versions
- FortiOS version 7.2.0 through 7.2.4
- FortiOS version 7.0.0 through 7.0.11
- FortiOS version 6.4.0 through 6.4.12
- FortiOS version 6.2.0 through 6.2.13
- FortiOS version 6.0.0 through 6.0.16
- FortiSASE is no longer impacted, issue remediated Q2/23
How to Fix CVE-2023-27997- A Critical Heap-Based Buffer Overflow Vulnerability in FortiOS?
Fortinet has released patches for the affected versions of FortiOS and FortiProxy. It is strongly recommended to update to the latest available patch as soon as possible to fix CVE-2023-27997. All the users of the vulnerable version of FrotiOS and FortiProxy are advised to upgrade their appliances to these versions.
|Product||Vulnerable Version||Patch Version|
|FortiOS-6K7K||FortiOS-6K7K version 7.0.10
FortiOS-6K7K version 7.0.5
FortiOS-6K7K version 6.4.12
FortiOS-6K7K version 6.4.10
FortiOS-6K7K version 6.4.8
FortiOS-6K7K version 6.4.6
FortiOS-6K7K version 6.4.2
FortiOS-6K7K version 6.2.9 through 6.2.13
FortiOS-6K7K version 6.2.6 through 6.2.7
FortiOS-6K7K version 6.2.4
FortiOS-6K7K version 6.0.12 through 6.0.16
FortiOS-6K7K version 6.0.10
|Please upgrade to FortiOS-6K7K version 7.0.12 or above
Please upgrade to FortiOS-6K7K version 6.4.13 or above
Please upgrade to FortiOS-6K7K version 6.2.15 or above
Please upgrade to FortiOS-6K7K version 6.0.17 or above
|FortiProxy||FortiProxy version 7.2.0 through 7.2.3
FortiProxy version 7.0.0 through 7.0.9
FortiProxy version 2.0.0 through 2.0.12
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
|Please upgrade to FortiProxy version 7.2.4 or above
Please upgrade to FortiProxy version 7.0.10 or above
Please upgrade to FortiProxy version 2.0.13 or above
|FortiOS||FortiOS version 7.2.0 through 7.2.4
FortiOS version 7.0.0 through 7.0.11
FortiOS version 6.4.0 through 6.4.12
FortiOS version 6.2.0 through 6.2.13
FortiOS version 6.0.0 through 6.0.16
|Please upgrade to FortiOS version 7.4.0 or above
Please upgrade to FortiOS version 7.2.5 or above
Please upgrade to FortiOS version 7.0.12 or above
Please upgrade to FortiOS version 6.4.13 or above
Please upgrade to FortiOS version 6.2.14 or above
Please upgrade to FortiOS version 6.0.17 or above
To fix the CVE-2023-27997 vulnerability in FortiOS, users should upgrade the vulnerable versions to the patched versions. Let’s see how to fix the fix CVE-2022-40684, a heap-based buffer overflow vulnerability in FortiOS.
Time needed: 30 minutes.
How to Upgrade FortiOS?
If you want to go for the manual upgrade process, download the upgrade image from https://support.fortinet.com, go to the ‘File Upload’ tab and upload the image.
- Log in to the console as an administrator
Log into the FortiGate GUI as the admin administrative user.
- Go to Fabric Management to see the Version info
Go to System > Fabric Management. The Firmware Version column displays the version and either (Feature) or (Mature).
- Open the Upgrade pane
Select the FortiGate, and click upgrade. The FortiGate Upgrade pane opens.
- See the available upgrades
Click All Upgrades. The available firmware versions are displayed.
- Select the target firmware, and see the upgrade options
You can instruct FortiOS to follow the upgrade path (referred to as a federated upgrade) or upgrade directly to the selected firmware version. And Follow upgrade path is selected. According to the upgrade path, the device can be automatically upgraded.
- Initiate the upgrade process
Select Follow upgrade path, and click Confirm and Backup Config. Then click Continue to initiate the upgrade. The FortiGate will take the backup of current configurations, transfer to the management computer, uploads the firmware image file, upgrade the firmware, and at last, reboot itself. This completes the upgradation of the FrotiOS.