CVE-2023-27997
Published Jun 13, 2023
Last updated 2 months ago
AI description
CVE-2023-27997 is a heap-based buffer overflow vulnerability found in the SSL-VPN component of Fortinet's FortiOS and FortiProxy. It arises from the SSL-VPN pre-authentication module, where an overflow of data from an allocated memory block into adjacent memory blocks in the heap can occur. Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary code or commands via specifically crafted requests. This can be achieved without authentication, potentially bypassing multi-factor authentication, and allowing attackers to access networks and products protected by the secure channel.
- Description: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
- Source: psirt@fortinet.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
- Exploit added on: Jun 13, 2023
- Exploit action due: Jul 4, 2023
- Required action: Apply updates per vendor instructions.
⚡ Even patching won't save you. Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN. https://t.co/gqXSmXNMa4
@achi_tech
19 Apr 2025
Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities: Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities (CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475) within FortiGate prod ...
@AnnieDo52640257
15 Apr 2025
Fortinet zero-day vulnerabilities may lead to arbitrary code execution (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) https://t.co/s2zvEqFPp0 #Security #セキュリティ #ニュース
@SecureShield_
15 Apr 2025
Compromise and persistent access of Fortinet FortiOS products (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) https://t.co/RvWSwRITk1 https://t.co/yl2K6pPyT2
@djhsecurity
14 Apr 2025
Fortinet VPNs Still at Risk Despite Patching Fortinet warns that attackers are maintaining access to compromised FortiGate VPN devices even after security patches. Exploited vulnerabilities include CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. 🔍 How? Hackers left behind
@ChbibAnas
13 Apr 2025
Fortinet warns that attackers can maintain read-only access to FortiGate devices via a symbolic link, even after patching vulnerabilities like CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762, affecting SSL-VPN-enabled devices. https://t.co/gMCtKRq5gy
@Cyber_O51NT
13 Apr 2025
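It has reportedly been discovered that attackers exploit Fortigate device vulnerabilities such as CVE-2022-42475, CVE-2023-27997 and CVE-2024-21762 to create a symbolic link connecting the user file system and the root file system, thereby maintaining read-only access. https://t.co/n7FwIJDivV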
@ntsuji
12 Apr 2025
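According to Fortinet, attacks exploiting known vulnerabilities (such as CVE-2022-42475, CVE-2023-27997 and CVE-2024-21762) were recently confirmed, and cases were found in which a new technique was used to maintain "read-only" access to FortiGate products. However, environments where SSL-VPN is not enabled are not affected. https://t.co/rJ9Vc1KSVE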
@t_nihonmatsu
12 Apr 2025
⚡ Even patching won't save you. Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN. Full details 👉 https://t.co/AbzC2WPo4r
@TheHackersNews
11 Apr 2025
CISA has published a summary of the vulnerabilities that were frequently exploited in 2023. 2023 Top Routinely Exploited Vulnerabilities https://t.co/ulfm6a7TUz ◆CVE-2023-3519: Citrix ◆CVE-2023-4966: Citrix ◆CVE-2023-20198: Cisco ◆CVE-2023-20273: Cisco ◆CVE-2023-27997: Fortinet… https://t.co/5hY9DKZUl3 https://t.co/G9ylY3EdvP
@taku888infinity
13 Nov 2024
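[Exclusive] The remote code execution vulnerability CVE-2023-46747 in F5 BIG-IP and the buffer overflow CVE-2023-27997 in FortiOS and FortiProxy have been exploited by ransomware. The Known Exploited Vulnerabilities Catalog of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been updated. https://t.co/fyN6WPZRqY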
@__kokumoto
24 Oct 2024
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6BBF05F-4967-4A2E-A8F8-C2086097148B",
"versionEndIncluding": "1.1.6",
"versionStartIncluding": "1.1.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33B84D9A-55E3-4146-A55A-ACB507E61B05",
"versionEndIncluding": "1.2.13",
"versionStartIncluding": "1.2.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C1D5E6B-A23E-4A92-B53C-720AFEB1B951",
"versionEndIncluding": "2.0.12",
"versionStartIncluding": "2.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAC18F7E-5242-4F36-BB42-FEC33B3AC075",
"versionEndIncluding": "7.0.9",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A99FF48-370E-4D2A-B5CC-889EA21AB213",
"versionEndIncluding": "7.2.3",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8EA5512D-6EE5-4DF3-A960-C02394F25225",
"versionEndIncluding": "6.0.16",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3CD57A5A-2B13-495A-8530-8F97E1720602",
"versionEndIncluding": "6.2.13",
"versionStartIncluding": "6.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E99B6E5-7EC3-406C-AFAC-A5E32DE266DF",
"versionEndIncluding": "6.4.12",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2573C90-BE6A-4D5D-A223-F09213318909",
"versionEndIncluding": "7.0.11",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AB643A8-B52F-4D54-B816-28A6401BAA25",
"versionEndIncluding": "7.2.4",
"versionStartIncluding": "7.2.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D997493-24C2-4A78-9DF0-6438E9415A3C",
"versionEndIncluding": "6.0.16",
"versionStartIncluding": "6.0.12"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A0D0D55-1A51-454D-A8B1-D7100D453102",
"versionEndIncluding": "6.2.13",
"versionStartIncluding": "6.2.9"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA6AF1FA-A034-439A-876B-BFA1BE7DE15E"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9694FC0C-408A-4892-ADD1-F36F4BBBD9EF"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B8A132F-601F-4129-BFCA-3A976A711D5A"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90600B14-07C4-455D-9FC1-17034D91B987"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B28478DA-8D10-4A8E-81EA-D3DF421E5089"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2F935F9-5B6A-47C2-8F65-7A1E8BB061FF"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "751D2FC7-482F-4C6B-95DB-244004A2738E"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EEE44B20-6F00-4962-9929-5A5054BBA94C"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB2FF1DA-001B-4CA1-9F46-427D9C92CBC6"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "48D0E8CC-3815-4697-86D0-DC7F66E70520"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78C6C937-4477-438D-A252-E4102D758120"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortigate_6000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3BB410C9-CDD4-4068-97E0-6D83AE62B7F1"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate_7000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E0CBA773-10C1-410D-BB01-771F454ABEBA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]