What is this vulnerability all about?

Fortinet has published a PSIRT Advisory about a critical vulnerability in the SSL-VPN component of FortiOS and FortiProxy. New FortiGate firmware versions had already been released before the details were made public; they fix a critical pre-authentication remote code execution vulnerability in the SSL-VPN, tracked as CVE-2023-27997.

Situation

The vulnerability is a heap-based buffer overflow [CWE-122] in the SSL-VPN pre-authentication code path of FortiOS and FortiProxy. It is tracked as CVE-2023-27997 and carries a CVSSv3 score of 9.2 out of 10. A remote, unauthenticated attacker may be able to execute arbitrary code or commands by sending specifically crafted requests to the SSL-VPN interface. Because the flaw is reachable before any login, every device whose SSL-VPN portal is exposed to the internet is at risk, regardless of how strong the configured authentication is.

Affected versions

FortiOS version 7.2.0 through 7.2.4
FortiOS version 7.0.0 through 7.0.11
FortiOS version 6.4.0 through 6.4.12
FortiOS version 6.2.0 through 6.2.13
FortiOS version 6.0.0 through 6.0.16
FortiOS-6K7K version 7.0.10
FortiOS-6K7K version 7.0.5
FortiOS-6K7K version 6.4.12
FortiOS-6K7K version 6.4.10
FortiOS-6K7K version 6.4.8
FortiOS-6K7K version 6.4.6
FortiOS-6K7K version 6.4.2
FortiOS-6K7K version 6.2.9 through 6.2.13
FortiOS-6K7K version 6.2.6 through 6.2.7
FortiOS-6K7K version 6.2.4
FortiOS-6K7K version 6.0.12 through 6.0.16
FortiOS-6K7K version 6.0.10
FortiProxy version 7.2.0 through 7.2.3
FortiProxy version 7.0.0 through 7.0.9
FortiProxy version 2.0.0 through 2.0.12
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions

Workaround

Disable SSL-VPN until the device has been upgraded. This is the only workaround given by Fortinet: it removes the vulnerable pre-authentication listener entirely. Controls that only act after login (MFA, user or group restrictions) do not protect against this issue, because the overflow is triggered before authentication.

Solution

Upgrade to a fixed version as listed in the Fortinet PSIRT Advisory:
Upgrade to FortiOS version 7.4.0 or above
Upgrade to FortiOS version 7.2.5 or above
Upgrade to FortiOS version 7.0.12 or above
Upgrade to FortiOS version 6.4.13 or above
Upgrade to FortiOS version 6.2.14 or above
Upgrade to FortiOS version 6.0.17 or above
Upgrade to FortiOS-6K7K version 7.0.12 or above
Upgrade to FortiOS-6K7K version 6.4.13 or above
Upgrade to FortiOS-6K7K version 6.2.15 or above
Upgrade to FortiOS-6K7K version 6.0.17 or above
Upgrade to FortiProxy version 7.2.4 or above
Upgrade to FortiProxy version 7.0.10 or above
FortiProxy 2.0, 1.2 and 1.1: no fixed build exists in these trains; migrate to one of the fixed FortiProxy versions above
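To turn the two lists above into something that can be run against a device inventory, the following Python example encodes the affected and fixed versions exactly as listed on this page and classifies the `Version:` line of `get system status` output. It is an added example, not code from Fortinet or from this page's original content. Two things in it are assumptions made for the example: the sample status lines are constructed, and FortiGate 6000/7000-series model numbers (6xxx/7xxx) are mapped to the FortiOS-6K7K branch while every other FortiGate model is treated as mainline FortiOS.

```python
"""Classify FortiOS / FortiProxy builds against the CVE-2023-27997 version lists."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'7.0.11' -> (7, 0, 11); tuples compare component-wise, so 7.0.9 < 7.0.11."""
    return tuple(int(part) for part in text.strip().split("."))


def train(version: Version) -> str:
    """Release train of a version: (7, 0, 11) -> '7.0'."""
    return f"{version[0]}.{version[1]}"


# Affected ranges as listed in the advisory text above, inclusive on both ends.
# A None upper bound means "all versions" of that release train.
AFFECTED: Dict[str, List[Tuple[str, Optional[str]]]] = {
    "FortiOS": [
        ("7.2.0", "7.2.4"), ("7.0.0", "7.0.11"), ("6.4.0", "6.4.12"),
        ("6.2.0", "6.2.13"), ("6.0.0", "6.0.16"),
    ],
    "FortiOS-6K7K": [
        ("7.0.10", "7.0.10"), ("7.0.5", "7.0.5"),
        ("6.4.12", "6.4.12"), ("6.4.10", "6.4.10"), ("6.4.8", "6.4.8"),
        ("6.4.6", "6.4.6"), ("6.4.2", "6.4.2"),
        ("6.2.9", "6.2.13"), ("6.2.6", "6.2.7"), ("6.2.4", "6.2.4"),
        ("6.0.12", "6.0.16"), ("6.0.10", "6.0.10"),
    ],
    "FortiProxy": [
        ("7.2.0", "7.2.3"), ("7.0.0", "7.0.9"), ("2.0.0", "2.0.12"),
        ("1.2.0", None), ("1.1.0", None),
    ],
}

# Fixed releases listed in the advisory above, keyed by release train.
# Trains without an entry (FortiProxy 2.0, 1.2, 1.1) have no fixed build listed.
FIXED: Dict[str, Dict[str, str]] = {
    "FortiOS": {"7.4": "7.4.0", "7.2": "7.2.5", "7.0": "7.0.12",
                "6.4": "6.4.13", "6.2": "6.2.14", "6.0": "6.0.17"},
    "FortiOS-6K7K": {"7.0": "7.0.12", "6.4": "6.4.13", "6.2": "6.2.15", "6.0": "6.0.17"},
    "FortiProxy": {"7.2": "7.2.4", "7.0": "7.0.10"},
}


def is_affected(product: str, version: str) -> bool:
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    for low, high in AFFECTED[product]:
        lo = parse_version(low)
        if high is None:
            if v[:2] == lo[:2]:          # the whole release train is affected
                return True
        elif lo <= v <= parse_version(high):
            return True
    return False


def recommended_fix(product: str, version: str) -> Optional[str]:
    """Fixed build in the same release train, or None if the advisory lists none."""
    return FIXED[product].get(train(parse_version(version)))


# Matches the 'Version:' line of `get system status`, e.g.
#   Version: FortiGate-100F v7.2.3,build1262,230222 (GA)
STATUS_LINE = re.compile(r"Version:\s*(Forti[A-Za-z]+)-(\S+?)\s+v(\d+(?:\.\d+)+)")


def classify_status_line(line: str) -> Optional[Dict[str, object]]:
    """Map a `get system status` Version line to product, version, affected flag and fix.

    Assumption used here: FortiGate 6000/7000-series chassis (model numbers 6xxx/7xxx)
    run the FortiOS-6K7K branch; every other FortiGate/FortiWiFi model runs mainline FortiOS.
    """
    m = STATUS_LINE.search(line)
    if not m:
        return None
    family, model, version = m.groups()
    if family == "FortiProxy":
        product = "FortiProxy"
    elif re.match(r"[67]\d{3}", model):
        product = "FortiOS-6K7K"
    else:
        product = "FortiOS"
    return {
        "product": product,
        "version": version,
        "affected": is_affected(product, version),
        "fix": recommended_fix(product, version),
    }


if __name__ == "__main__":
    # Constructed sample lines for illustration, not captured from real devices.
    samples = [
        "Version: FortiGate-100F v7.2.3,build1262,230222 (GA)",
        "Version: FortiGate-7060E v7.0.10,build0418,230112 (GA)",
        "Version: FortiGate-60F v7.0.12,build0523,230530 (GA)",
        "Version: FortiProxy-VM64 v2.0.12,build0330,230215 (GA)",
    ]
    for s in samples:
        print(classify_status_line(s))
```

Note that the FortiOS-6K7K list consists of discrete builds rather than ranges, so a 6K7K build that is not listed (for example 7.0.9) is reported as not affected, exactly as the advisory states it; when in doubt, upgrade to the fixed build of the train anyway. A `fix` of `None` for an affected FortiProxy 2.0 or 1.x build means there is no fixed release in that train and a migration to 7.0.10 or 7.2.4 is required.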

See also the full advisory from Fortinet, published in June 2023: PSIRT Advisory FG-IR-23-097

Please contact Sidarion if you have questions, need further support, or think your systems might have been compromised.