snarang
Product Team
3 years ago

FortiOS and FortiProxy SSL-VPN Flaw May Have Been Exploited (CVE-2023-27997)

On June 12, Fortinet published FG-IR-23-097, an advisory for a critical flaw in FortiOS and FortiProxy SSL-VPN:

  • CVE-2023-27997

On June 11, Charles Fol, one of the researchers who disclosed the flaw to Fortinet (along with Dany Bach of LEXFO), tweeted about the vulnerability, noting that it is “reachable pre-authentication, on every SSL VPN appliance.”

In a supplemental blog post about the vulnerability, Fortinet says it “may have been exploited in a limited number of cases” though they do not share any further details.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.
