UPDATED 19:48 EDT / JULY 03 2023

Researchers warn unpatched Fortinet firewalls are exposed to critical vulnerability

Security researchers at Bishop Fox LLC Friday issued a warning that hundreds of thousands of Fortinet Inc. firewalls remain vulnerable to attack because they weren’t patched following the disclosure of a critical vulnerability in June.

The vulnerability, designated CVE-2023-27997, is a “heap overflow” issue in FortiOS, the operating system that powers FortiGate firewalls. Rated 9.8 Critical, it allows an attacker to achieve remote code execution and run arbitrary code on a vulnerable system.

The vulnerability affects the system’s Secure Sockets Layer virtual private network (SSL VPN) interfaces. The Bishop Fox researchers estimate that about 490,000 of these interfaces are exposed on the internet. Although Fortinet has released a patch, about 69% remain unpatched, leaving them vulnerable to potential exploits.

To prove the risk presented by the vulnerability, Bishop Fox’s Capability Development team developed an exploit that involves remotely executing code that compromises the target system, allowing it to connect back to a server controlled by an attacker. Once a connection is established, the exploit downloads a binary and opens an interactive shell on the target device.

The researchers conclude by advising all Fortinet FortiGate firewall users to install the patch as soon as possible.

“The seriousness of this cannot be understated,” Timothy Morris, chief security advisor at endpoint management company Tanium Inc., told SiliconANGLE. “Sysadmins should patch as quickly as possible.” Morris added that though patching firmware can be more cumbersome and riskier when dealing with appliances that run application gateways, given the severity of the vulnerability, it’s critical they be patched.

Andre van der Walt, director of threat intelligence at managed detection and response firm Ontinue Inc., noted that this isn’t the first time high-profile FortiGate vulnerabilities have been found.

“While the findings from Bishop Fox are shocking, they are not surprising as it mirrors the overall trend in patching lagging significantly behind addressing new exposure in the attack surface, regardless of the technology in question,” van der Walt said. “This serves as a timely reminder that organizations need to put in place robust vulnerability management measures that identify, prioritize and address urgent vulnerabilities like these. Ultimately, security systems also need to be actively maintained to a high level.”
