No significantly less than 330000 FortiGate firewalls are nonetheless unpatched and susceptible to CVE-2023-27997, a critical security flaw impacting Fortinet units that have come underneath energetic exploitation in the wild.
Cybersecurity business Bishop Fox, in a report published past week, said that out of almost 490,000 Fortinet SSL-VPN interfaces uncovered on the internet, about 69 per cent continue being unpatched.
CVE-2023-27997 (CVSS rating: 9.8), also called XORtigate, is a critical vulnerability impacting Fortinet FortiOS and FortiProxy SSL-VPN appliances that could allow for a remote attacker to execute arbitrary code or instructions through exclusively crafted requests.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
Patches ended up introduced by Fortinet last thirty day period in versions 6..17, 6.2.15, 6.4.13, 7..12, and 7.2.5, whilst the firm acknowledged that the flaw may perhaps have been “exploited in a constrained selection of scenarios” in attacks concentrating on governing administration, production, and critical infrastructure sectors.
Bishop Fox’s examination further observed that 153,414 of the found appliances had been up to date to a patched FortiOS version.
An additional crucial discovery is that numerous of the publicly accessible Fortinet devices did not receive an update for the past 8 yrs, with the installations running FortiOS versions 5 and 6.
Presented that security flaws in Fortinet devices have been beneficial attack vectors, it really is critical that users move promptly to update to the hottest version as soon as probable.
Identified this report attention-grabbing? Follow us on Twitter and LinkedIn to study much more exclusive articles we article.
Some components of this write-up are sourced from:
thehackernews.com