CVE-2023-27997 – FortiOS & FortiProxy – Heap buffer overflow in sslvpn pre-authentication

Please note the vulnerabilities in Fortinet products published in June. In particular, we would like to mention the vulnerability in FortiOS, which affects SSLVPN access and poses a major threat with a CVSSv3 score of 9.2.

Fortinet PSIRT: https://www.fortiguard.com/psirt/FG-IR-23-097
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27997

FortiOS versions 6.0 to 7.2 are affected. Fortinet has already published patches for all these versions.

FortiOS version 7.2.0 through 7.2.4 -> Immediately patch to 7.2.5
FortiOS version 7.0.0 through 7.0.11 -> Immediately patch to 7.0.12
FortiOS version 6.4.0 through 6.4.12 -> Immediately patch to 6.4.13
FortiOS version 6.2.0 through 6.2.13 -> Immediately patch to 6.2.14
FortiOS version 6.0.0 through 6.0.16 -> Immediately patch to 6.0.17

FortiOS 7.4 is not affected.
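
To triage a fleet against the patch matrix above, the following added example (not code from Fortinet or from this post) classifies each device and names the upgrade target. The "hostname version" inventory format and the host names are assumptions constructed for illustration; branches the advisory does not mention are reported as unknown rather than guessed.

```python
import re

# Patch matrix copied from the advisory above: branch -> first fixed patch level.
FIXED = {(7, 2): 5, (7, 0): 12, (6, 4): 13, (6, 2): 14, (6, 0): 17}
NOT_AFFECTED = {(7, 4)}  # "FortiOS 7.4 is not affected."

# Accepts "7.2.4", "v7.2.4" and "v7.2.4,<anything>"; anchored so that an IP
# address or other dotted field is not mistaken for a version.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:,.*)?$")

def triage(version):
    """Return (status, upgrade_target) for one FortiOS version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return ("unparsed", None)
    major, minor, patch = (int(g) for g in m.groups())
    if (major, minor) in NOT_AFFECTED:
        return ("not-affected", None)
    if (major, minor) not in FIXED:
        # The advisory says nothing about this branch, so do not guess.
        return ("unknown", None)
    fixed = FIXED[(major, minor)]
    if patch >= fixed:
        return ("patched", None)
    return ("affected", f"{major}.{minor}.{fixed}")

def report(inventory):
    """Triage 'hostname version' lines; blank lines and # comments are skipped."""
    rows = []
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(" ")
        rows.append((host, version.strip(), *triage(version)))
    return rows

# Constructed sample inventory (hypothetical host names, not from the advisory).
SAMPLE = """\
fw-branch-01 v7.2.4
fw-branch-02 7.2.5
fw-dc-01 v7.0.11,build-suffix-ignored
fw-lab-01 7.4.0
fw-old-01 5.6.14
"""

if __name__ == "__main__":
    for host, version, status, target in report(SAMPLE):
        print(f"{host:14} {version:30} {status:13} {target or '-'}")
```

Devices reported as unknown or unparsed need a manual check against the Fortinet PSIRT advisory linked above.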

If you want to be informed about new Fortinet versions, use our automatic newsletter.
Subscribe to the newsletter here.
