No less than 330,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that has come under active exploitation in the wild.

According to a report published last week by cybersecurity firm Bishop Fox, out of nearly 490,000 Fortinet SSL-VPN interfaces exposed on the internet, approximately 69% percent remain unpatched.

CVE-2023-27997 (CVSS score: 9.8), also called XORtigate, is a critical vulnerability impacting Fortinet FortiOS and FortiProxy SSL-VPN, which are widely used by organizations to establish secure virtual private network connections. This vulnerability allows remote code execution, which means that an attacker could exploit it to gain unauthorized access to the system, potentially compromising sensitive data and network infrastructure.

Fortinet, the manufacturer of Fortigate firewalls, released patches in versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5 to address the vulnerability on June 8. However, recent reports indicate that a staggering 69% of the affected devices remain unpatched. This means that thousands of organizations are still exposed to potential attacks, leaving their networks vulnerable to exploitation

Immediate Action Required

Given the severity of the Fortigate VPN vulnerability, it is crucial for administrators and IT teams to take immediate action to secure their networks. Here are some steps you could take;

1. Verify if Your Organization Uses Fortigate VPNs- The first step is to determine whether your organization utilizes Fortigate VPNs. Identifying the scope of the vulnerability within your organization is essential for targeted action.
2. Check for Available Patches and Updates- Fortinet has released patches to fix the vulnerability. It is imperative to check for available patches and updates from the manufacturer’s official website or through their support channels. Keeping your Fortigate VPN software up to date is crucial for maintaining a secure network environment.
3. Prioritize Patching for Network Security – Once you have obtained the necessary patches and updates, prioritize the installation and implementation of these security measures. Patching the vulnerable systems promptly is vital to prevent potential attacks. Develop a plan that outlines the patching process, ensuring minimal disruption to regular business operations.
4. Communicate the Urgency to Stakeholders and Colleagues – To ensure a swift response to the Fortigate VPN vulnerability, it is essential to communicate the urgency of patching to all stakeholders and colleagues within your organization. Raise awareness about the potential risks associated with this vulnerability and emphasize the importance of taking immediate action. Encourage cooperation and collaboration among teams to expedite the patching process.

Source

https://bishopfox.com/blog/cve-2023-27997-exploitable-and-fortigate-firewalls-vulnerable

https://thehackernews.com/2023/07/alert-330000-fortigate-firewalls-still.html