Created on 06-12-2023 07:21 AM
Is there any official report on this that comes from Fortinet?
I see a lot of people patching but so far no report from Fortinet.
Thank you in advance,
Evert
Solved! Go to Solution.
Created on 06-12-2023 01:52 PM
Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign | Fortinet Blog
Just subscribed to the RSS feed
View solution in original post
Created on 06-12-2023 08:55 AM
Also Does the Vulnerability apply if SSL-VPN is not enabled on the Fortigate?
My config is
config vpn ssl settings
set status disable
Created on 06-12-2023 09:33 AM
Also curious about this. We disabled SSL-VPN after the last public vulnerability as a mitigation and left it disabled.
Created on 06-12-2023 09:05 AM
It seems to come out tomorrow in I guess US time.https://www.helpnetsecurity.com/2023/06/11/cve-2023-27997/
Toshi
Created on 06-12-2023 01:37 PM
Yes, that is indeed also what I got back from Support!
Created on 06-12-2023 01:56 PM
You saved my day!
Created on 06-12-2023 02:09 PM
One more thing to note:
https://www.fortiguard.com/psirt/FG-IR-23-097
Created on 06-13-2023 09:55 AM Edited on 06-13-2023 09:55 AM
Can someone from FTNT tell us when those release notes would be updated to include "no longer vulnerable" statement in? Don't seem to be updated yet.
Created on 06-13-2023 07:06 PM Edited on 06-13-2023 07:07 PM
I now see the release notes are updated to include the fixes.
Thanks,
