EHoegee
Explorer
June 12, 2023
Solved

CVE-2023-27997

  • June 12, 2023
  • 9 replies
  • 10373 views

Is there any official report on this that comes from Fortinet?

I see a lot of people patching but so far no report from Fortinet.

Thank you in advance,

Evert

9 replies

freddelm
Explorer
June 12, 2023

Also, does the vulnerability apply if SSL-VPN is not enabled on the FortiGate?

My config is:

config vpn ssl settings
    set status disable

JS_DC
Explorer
June 12, 2023

Also curious about this.  We disabled SSL-VPN after the last public vulnerability as a mitigation and left it disabled. 

Toshi_Esumi
SuperUser
June 12, 2023

It seems to come out tomorrow, in US time I guess.
https://www.helpnetsecurity.com/2023/06/11/cve-2023-27997/

Toshi

EHoegee (Author)
Explorer
June 12, 2023

Yes, that is indeed also what I got back from Support!

Late2IT (Answer)
New Member
June 12, 2023
EHoegee (Author)
Explorer
June 12, 2023

You saved my day!

EHoegee (Author)
Explorer
June 12, 2023
Toshi_Esumi
SuperUser
June 13, 2023

Can someone from FTNT tell us when those release notes will be updated to include a "no longer vulnerable" statement? They don't seem to be updated yet.

Toshi

Toshi_Esumi
SuperUser
June 14, 2023

I now see the release notes are updated to include the fixes.

Thanks,

Toshi

Jirka1
Explorer II
June 14, 2023

Guys,

can GEO block be used with SSL VPN as a temporary workaround?
I tried, and when setting a different country than the one I'm trying to connect from, the portal didn't even load.

Thanks.

Jirka

Late2IT
New Member
June 14, 2023

Doing anything other than the recommended solution is not advisable. If that action is taken as a mitigating measure, make sure you CYA.

Toshi_Esumi
SuperUser
July 7, 2023

Does FTNT have any official response to this claim yet? Maybe prohibited to say anything until the new patch version is ready though.
https://thehackernews.com/2023/06/critical-rce-flaw-discovered-in.html

 

Toshi

 

Toshi_Esumi
SuperUser
July 7, 2023

I posted the old link above, which was addressed by the recent release. I was concerned about a different post below, but I misread the content: it was not talking about an additional vulnerability, but about many of them in the world still not being upgraded to the patched version.

So it was a false alarm. Sorry about that.

https://thehackernews.com/2023/07/alert-330000-fortigate-firewalls-still.html

Toshi

parteeksharma
Staff
July 8, 2023

Hi EHoegee,
Please check the link below for more information related to CVE-2023-27997:

https://www.fortiguard.com/psirt/FG-IR-23-097

Regards,
Parteek