Governance & Risk Management , Patch Management , Vulnerability Assessment & Penetration Testing (VA/PT)

Fortinet Fixes Critical Remote Code Flaw

Fortinet's Second VPN Vulnerability of 2023 Affects Fortigate VPN-SSL Protocol
Fortinet Fixes Critical Remote Code Flaw

Fortinet has patched a critical remote code execution vulnerability in its Secure Sockets Layer network protocol that could give adversaries access to networks.

See Also: Webinar | 2023 OT Cybersecurity Year in Review: Lessons Learned from the Frontlines

The vulnerability affects all versions of Fortigate firewalls, and specifically the Secure Sockets Layer VPN functionalities that allow individual users to access an organization's network. It can be exploited without credentials and can bypass multifactor authentication, according to French cybersecurity firm Olympe Cyberdefense, which uncovered the flaw on Friday.

Olympe said a CVE for the vulnerability will be released on Tuesday.

Following the disclosure, Fortinet on Friday rolled out patches to firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5. The company has not publicly acknowledged the vulnerability, but in a statement to Information Security Media Group it said that it had alerted customers confidentially prior to release of the advisory.

Security researchers and developer communities said the patches released Friday by the company also contain fixes for the new RCE flaw.

No attacks exploiting this vulnerability have been reported. It is the second flaw reported by Fortinet this year. In January, a suspected Chinese government-backed group exploited a Fortinet VPN vulnerability tracked as CVE-2022-42475 to deliver a Linux backdoor malware variant (see: Fortinet VPN Flaw Shows Pitfalls of Security Appliances).

Security firm Mandiant, which uncovered the Chinese campaign, said nation-state actors are more actively exploiting vulnerabilities in security appliances such as Fortigate because of the difficulty in detecting malicious activity.

Due to the severity of the latest flaw, cybersecurity agencies in Australia, China and Israel on Monday released separate alerts requesting Fortinet users to patch the vulnerability immediately.

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.