Over 338,000 Fortinet FortiGate Firewalls Vulnerable to Critical Security Flaw

Security firm Bishop Fox has discovered that over 338,000 Fortinet FortiGate firewalls are missing a crucial security update for a critical vulnerability, allowing attackers to compromise these devices remotely. The U.S. government recently warned that actively exploiting this security flaw is underway.

Details of the Security Flaw: The security flaw, CVE-2023-27997, enables attackers to execute arbitrary code and commands on the equipment by sending specially crafted requests. The severity of this vulnerability has been rated at 9.2 on a scale of 1 to 10. Exploitation is only possible when the SSL VPN interface is enabled. Bishop Fox conducted an internet scan and detected 490,000 FortiGate firewalls with the SSL VPN interface accessible from the internet. Out of these, 338,000 (69 percent) were found to be missing the security update for CVE-2023-27997. Administrators are strongly urged to install the update promptly.

Action Required: Administrators responsible for Fortinet FortiGate firewalls should take the following actions:

1. Install the Security Update: Ensure the necessary security update for CVE-2023-27997 is promptly installed on all affected devices.
2. Disable Unnecessary Interfaces: Evaluate the necessity of having the SSL VPN interface accessible from the internet. Disable any interfaces that are not essential to reduce the attack surface.
3. Monitor for Unauthorized Access: Implement proper monitoring and intrusion detection mechanisms to detect any unauthorized activity or attempts to exploit the vulnerability.
4. Follow Best Practices: Stay updated with Fortinet’s security advisories and best practices for device configuration and management to enhance overall security posture.

The critical security flaw affecting over 338,000 Fortinet FortiGate firewalls demands immediate attention. Installing the security update and implementing recommended security measures are crucial to protect these devices from remote takeover and potential misuse. Administrators should act swiftly to ensure the security and integrity of their network infrastructure.