Saturday , March 29 2025

Over 300,000+ Fortinet Firewalls are Vulnerable to a Critical RCE Flaw

Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses the problem.

The vulnerability is a remote code execution with a severity score of 9.8 out of 10 resulting from a heap-based buffer overflow problem in FortiOS, the operating system that connects all Fortinet networking components to integrate them in the vendor’s Security Fabric platform.

FBI investigating cyberattack at Oracle, Bloomberg News reports

The Federal Bureau of Investigation (FBI) is probing the cyberattack at Oracle (ORCL.N), opens new tab that has led to...
Read More
FBI investigating cyberattack at Oracle, Bloomberg News reports

OpenAI Offering $100K Bounties for Critical Vulns

OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
OpenAI Offering $100K Bounties for Critical Vulns

Splunk Alert User RCE and Data Leak Vulns

Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
Splunk Alert User RCE and Data Leak Vulns

CIRT alert Situational Awareness for Eid Holidays

As the Eid holidays near, cybercriminals may try to take advantage of weakened security during this time. The CTI unit...
Read More
CIRT alert Situational Awareness for Eid Holidays

Cyberattack on Malaysian airports: PM rejected $10 million ransom

Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4...
Read More
Cyberattack on Malaysian airports: PM rejected $10 million ransom

Micropatches released for Windows zero-day leaking NTLM hashes

Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...
Read More
Micropatches released for Windows zero-day leaking NTLM hashes

VMware Patches Authentication Bypass Flaw in Windows Tool

On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a...
Read More
VMware Patches Authentication Bypass Flaw in Windows Tool

IngressNightmare
Over 40% of cloud environments are vulnerable to RCE

Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities,...
Read More
IngressNightmare  Over 40% of cloud environments are vulnerable to RCE

(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass

Next.js, a widely used React framework for building full-stack web applications, has fixed a serious security vulnerability. Used by many...
Read More
(CVE-2025-29927)  Urgently Patch Your Next.js for Authorization Bypass

Oracle refutes breach after hacker claims 6 million data theft

A hacker known as “rose87168” claims to have stolen six million records from Oracle Cloud servers. The stolen data includes...
Read More
Oracle refutes breach after hacker claims 6 million data theft
CVE-2023-27997 is exploitable and allows an unauthenticated attacker to execute code remotely on vulnerable devices with the SSL VPN interface exposed on the web. In an advisory in mid-June, the vendor warned that the issue may have been exploited in attacks.

Fortinet addressed the vulnerability on June 11 before disclosing it publicly, by releasing FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5.

ALSO READ:

Daily Cybersecurity update, July-03, 2023

Offensive security solutions company Bishop Fox reported on Friday that despite the calls to patch, more than 300,000 FortiGate firewall appliances are still vulnerable to attacks and reachable over the public internet.

Bishop Fox researchers used the Shodan search engine to find devices that responded in a way that indicated an exposed SSL VPN interface. They achieved this by searching for appliances that returned a specific HTTP response header.

They filtered the results to those that redirected to ‘/remote/login,’ a clear indication of an exposed SSL VPN interface.

The query above showed 489,337 devices but not all of them were vulnerable to CVE-2023-27997, also referred to as Xortigate. Investigating further, the researchers discovered that 153,414 of the discovered appliances had been updated to a safe FortiOS version.

 

This means that roughly 335,900 of the FortiGate firewalls reachable over the web are vulnerable to attacks, a number that is significantly higher than the 250,000 recent estimation based on other, less accurate queries, Bishop Fox researchers say.

Another discovery Bishop Fox researchers made was that many of the exposed FortiGate devices did not receive an update for the past eight years, some of them running FortiOS 6, which reached end of support last year on September 29.

These devices are vulnerable to several critical-severity flaws that have proof-of-concept exploit code publicly available.

To demonstrate that CVE-2023-27997 can be used to execute code remotely on vulnerable devices, Bishop Fox created an exploit that allows “smashes the heap, connects back to an attacker-controlled server, downloads a BusyBox binary, and opens an interactive shell.”
“This exploit very closely follows the steps detailed in the original blog post by Lexfo […] and runs in approximately one second, which is significantly faster than the demo video on a 64-bit device shown by Lexfo,” Bishop Fox notes in their report.
Source: Bleepingcomputer

 

 

Check Also

Next.js

(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass

Next.js, a widely used React framework for building full-stack web applications, has fixed a serious …

Leave a Reply

Your email address will not be published. Required fields are marked *