335,000 Fortinet FortiGate firewalls used worldwide could be hacked with ransomware

by time news

2023-07-05 22:25:34

Bishop Fox security experts have identified a significant issue in several FortiGate firewalls, tracked as CVE-2023-27997. The flaw still puts firewalls at risk, even though Fortinet has released a security patch for it.

This bug is an RCE (Remote Code Execution) flaw in FortiOS, the operating system that underpins Fortinet’s Security Fabric. The vulnerability received a CVSS score of 9.8 out of 10. It is caused by a heap-based buffer overflow in FortiOS. About 490,000 SSL VPN interfaces reachable from the Internet are affected, and about 69% of them have not been patched.

According to the researchers, a successful exploit of this flaw does the following:

Corrupts the heap
Establishes a connection to the attacker’s server
Downloads the BusyBox binary
Opens an interactive shell

On a 64-bit system, the exploit completes in about one second, much faster than the pace shown in the researchers’ demonstration video. The researchers located machines with reachable SSL VPN ports using the Shodan search engine.

By filtering on HTTP response headers, they identified machines that redirect to ‘/remote/login’, which indicates that an SSL VPN interface is exposed.
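The redirect test described above can be applied offline to responses captured from your own address space, so that a defender can confirm an SSL VPN interface is no longer exposed after patching or applying the “Disable SSL-VPN” workaround. The following Python helper is an added example, not code from the article or from Bishop Fox; the host names and HTTP responses in it are constructed for illustration.

```python
"""Offline check: does a captured HTTP response look like an exposed FortiGate SSL VPN portal?

The article notes that exposed FortiGate SSL VPN interfaces answer with a
redirect to '/remote/login'. This helper applies that same test to raw
HTTP/1.x responses (for example, ones saved with `curl -i` against your own
firewalls) so the result can be compared against an asset inventory.
All sample data below is constructed, not captured from real devices.
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Verdict:
    host: str
    exposed: bool
    reason: str


def parse_response(raw: bytes) -> tuple[int, dict[str, str]]:
    """Split a raw HTTP/1.x response into (status_code, lowercase header map)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status_line = lines[0].split(" ", 2)
    if len(status_line) < 2 or not status_line[1].isdigit():
        raise ValueError(f"malformed status line: {lines[0]!r}")
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # ignore lines that are not "Name: value"
            headers[name.strip().lower()] = value.strip()
    return int(status_line[1]), headers


def classify(host: str, raw: bytes) -> Verdict:
    """Flag a response as an exposed SSL VPN portal when it is a 3xx redirect
    whose Location path is exactly /remote/login (query string ignored)."""
    try:
        status, headers = parse_response(raw)
    except ValueError as exc:
        return Verdict(host, False, f"unparseable response: {exc}")
    location = headers.get("location")
    if 300 <= status < 400 and location:
        path = urlsplit(location).path.rstrip("/")
        if path == "/remote/login":
            return Verdict(host, True, f"{status} redirect to {location}")
        return Verdict(host, False, f"{status} redirect elsewhere: {location}")
    return Verdict(host, False, f"status {status}, no SSL VPN redirect")


# Constructed sample responses keyed by hypothetical host name (not real captures).
SAMPLES: dict[str, bytes] = {
    "fw-a.example": b"HTTP/1.1 303 See Other\r\nLocation: /remote/login\r\nContent-Length: 0\r\n\r\n",
    "fw-b.example": b"HTTP/1.1 302 Found\r\nLocation: https://fw-b.example/remote/login?lang=en\r\n\r\n",
    "web.example": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>ok</html>",
    "other.example": b"HTTP/1.1 301 Moved Permanently\r\nLocation: /admin/\r\n\r\n",
}


def exposed_hosts(samples: dict[str, bytes] = SAMPLES) -> list[str]:
    """Return the hosts whose responses look like an exposed SSL VPN portal."""
    return [host for host, raw in samples.items() if classify(host, raw).exposed]


if __name__ == "__main__":
    for host, raw in SAMPLES.items():
        v = classify(host, raw)
        print(f"{host:16} exposed={str(v.exposed):5} {v.reason}")
```

The check deliberately compares only the path component of the Location header, so an absolute redirect URL with a query string (as in the second sample) is still recognised. A host that no longer produces the redirect after the SSL VPN has been disabled drops out of the exposed list, which is the signal a defender wants after applying the workaround.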

Of the 489,337 devices returned by the query, exposure to the Xortigate vulnerability (CVE-2023-27997) varied. On closer examination, 153,414 of those devices had already been upgraded to a fixed version of FortiOS.

The new figure of approximately 335,900 vulnerable FortiGate firewalls reachable from the Internet exceeds the earlier estimate of 250,000, which had been generated from less reliable queries.

Proof-of-concept exploit code for this critical-severity issue is publicly available, which leaves unpatched devices open to attack. At present the only workaround is “Disable SSL-VPN”.

To protect important assets, it is strongly recommended to patch major vulnerabilities as soon as possible, especially those with proven exploitation. CVE-2023-27997 can lead to data leaks, ransomware attacks, and other serious consequences.

In the following list, you will find all the products that are affected by this:

He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He has also worked for security companies such as Kaspersky Lab. His daily work includes investigating new malware and cybersecurity incidents. He also has a deep level of knowledge in mobile security and mobile vulnerabilities.
