Thousands of Fortinet firewalls are unpatched against this serious security bug, so patch now

Sead Fadilpašić

July 4, 2023 at 11:24 AM·2 min read

Hundreds of thousands of FortiGate firewalls are yet to be patched against a flaw being actively used in the wild, experts have revealed.

Cybersecurity researchers from Bishop Fox recently used the Shodan.io search engine for internet-connected devices to look for servers with HTTPS responses that suggested the software was outdated.

The results brought back almost 490,000 Fortinet SSL-VPN internet-exposed interfaces, with roughly two-thirds (338,100 endpoints) being unpatched.

Multiple secure versions

These firewalls are said to be vulnerable to CVE-2023-27997, a heap-based buffer overflow vulnerability with a 9.8 severity score. The flaw affects FortiOS and FortiProxy devices with SSL-VPN enabled. Last night, Fortinet issued a patch, and said that the vulnerable endpoints “may have been exploited in a limited number of cases.”

If you are yet to patch your firewalls, make sure to bring them up to versions 7.2.5, 7.0.12, 6.4.13, or 6.2.15, as all of these are said to have addressed the issue.

Besides urging users to apply the fix, Bishop Fox has also developed a proof of concept (PoC), an exploit abusing the flaw to achieve remote code execution. Through the exploit, the researchers managed to take over the affected network gear. The researchers also found a “handful of devices” running a version of the operating system that’s eight years old.

> Fortinet warns VPN users targeted by critical vulnerability

> Nasty vulnerability in Fortinet firewalls, proxies abused in real-world attacks

> These are the best endpoint protection services today

"I wouldn't touch those with a 10-foot pole,” commented Caleb Gross, director of capability development at Bishop Fox.

Gross added that their exploit "smashes the heap, connects back to an attacker-controlled server, downloads a BusyBox binary, and opens an interactive shell."

The vulnerability was first discovered in early June and reported to Fortinet, which released the patch on June 8, and a detailed breakdown of the exploit process a week later, on June 13, The Register reports.

Check out the best malware protection software around

Via: The Register

Yahoo Sports
Benches clear as Red Sox's Chris Martin takes exception to Brewers bunting on him
An argument between Boston Red Sox reliever Chris Martin and Milwaukee Brewers first base coach Quintin Berry caused a bench-clearing confrontation at Fenway Park on Sunday.
Autoblog
Rhode Island asking kei car owners to turn in their registration
Rhode Island is making it illegal to register a kei car, and it's asking enthusiasts who already have one to turn in their registration.
Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
Lexi Thompson, 29, set to retire after the 2024 LPGA season
Thompson will be competing in her 18th straight U.S. Women's Open later this week.
Yahoo Sports
Umpire Ángel Hernández, after long and controversial run in Major League Baseball, set to retire
Ángel Hernández, by both fans and players alike, has long been considered one of the most hated umpires in Major League Baseball.
Yahoo Finance
Nvidia stock leaps to latest record — thanks to Elon Musk
The increase of AI investment has continued to boost optimism over Nvidia's growth as the chipmaker continues its record-setting stock rally.
Autoblog
California launching pilot program to charge drivers for miles driven
California will soon begin testing a pilot program that will tax drivers based on the miles they log to offset the loss of gas tax revenues from EVs.
Yahoo Sports
Ex-Jaguars kicker Brandon McManus accused of sexual assault in lawsuit after alleged incident on team flight
Brandon McManus allegedly sexually assaulted two flight attendants on the team's charter flight to London for a game last season.
Yahoo Sports
5 things to know from the weekend in MLB: Here's how Braves are going to cope after Ronald Acuña's heartbreaking injury
A league without a fully operational Acuña is a less interesting, less enjoyable league. His absence will be loud.
Yahoo Finance
Some Americans live in a parallel economy where everything is terrible
Many Americans mistakenly think the economy is shrinking and the stock market is tanking. What gives?
Engadget
SpaceX Raptor engine test ends in a fiery explosion
A SpaceX testing stand at the company's McGregor, Texas facilities went up in flames during a test of its Raptor 2 engines on the afternoon of May 23.
Yahoo Sports
Auburn RB Brian Battie critically wounded in Sarasota shooting
Battie's older brother Tommie was killed and three others were shot early Saturday morning .
Yahoo Sports
Miguel Sano's heating pad blunder might be MLB's most embarrassing 2024 injury
Los Angeles Angels infielder Miguel Sano suffered a burn on his left knee after leaving a heating pad on too long, according to manager Ron Washington.
Yahoo Sports
Charles Barkley calls TNT leaders 'clowns,' suggests his production company could take over 'Inside The NBA'
Charles Barkley wants to keep the crew together.
Yahoo Sports
NBA playoffs: Kristaps Porzingis ruled out for Game 4 with lingering calf injury, Tyrese Haliburton questionable
Kristaps Porzingis had been reportedly targeting Game 4 to make his return to the court.
Yahoo Life Shopping
Amazon's secret overstock section is bursting with huge savings for Memorial Day — starting at $6
Save big on amazing hidden deals, from knives to patio string lights and more.
Yahoo Finance
The Fed's favored inflation gauge highlights shortened trading week: What to know this week
The Fed's preferred inflation gauge will test a stock market near record highs in a holiday-shortened trading week.
Yahoo Sports
Justin Verlander passes Greg Maddux to enter top 10 of MLB all-time strikeout list
Next up on the list: Walter Johnson.
Yahoo Sports
Shohei Ohtani reportedly buys $7.85 million Los Angeles mansion from Adam Carolla
Ohtani will live about 20 minutes from Dodger Stadium.
Yahoo Sports
Angel Reese thanks Alyssa Thomas for flagrant foul: 'I got back up and I kept going and kept pushing'
Angel Reese said she wanted to get "knocked down" at the next level, and she got her wish.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Thousands of Fortinet firewalls are unpatched against this serious security bug, so patch now

Multiple secure versions

Recommended Stories

Benches clear as Red Sox's Chris Martin takes exception to Brewers bunting on him

Rhode Island asking kei car owners to turn in their registration

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

Lexi Thompson, 29, set to retire after the 2024 LPGA season

Umpire Ángel Hernández, after long and controversial run in Major League Baseball, set to retire

Nvidia stock leaps to latest record — thanks to Elon Musk

California launching pilot program to charge drivers for miles driven

Ex-Jaguars kicker Brandon McManus accused of sexual assault in lawsuit after alleged incident on team flight

5 things to know from the weekend in MLB: Here's how Braves are going to cope after Ronald Acuña's heartbreaking injury

Some Americans live in a parallel economy where everything is terrible

SpaceX Raptor engine test ends in a fiery explosion

Auburn RB Brian Battie critically wounded in Sarasota shooting

Miguel Sano's heating pad blunder might be MLB's most embarrassing 2024 injury

Charles Barkley calls TNT leaders 'clowns,' suggests his production company could take over 'Inside The NBA'

NBA playoffs: Kristaps Porzingis ruled out for Game 4 with lingering calf injury, Tyrese Haliburton questionable

Amazon's secret overstock section is bursting with huge savings for Memorial Day — starting at $6

The Fed's favored inflation gauge highlights shortened trading week: What to know this week

Justin Verlander passes Greg Maddux to enter top 10 of MLB all-time strikeout list

Shohei Ohtani reportedly buys $7.85 million Los Angeles mansion from Adam Carolla

Angel Reese thanks Alyssa Thomas for flagrant foul: 'I got back up and I kept going and kept pushing'