Fortinet has launched patches to deal with a critical security flaw in its FortiGate firewalls that could be abused by a menace actor to accomplish remote code execution.
The vulnerability, tracked as CVE-2023-27997, is “reachable pre-authentication, on just about every SSL VPN equipment,” Lexfo Security researcher Charles Fol, who discovered and described the flaw, stated in a tweet in excess of the weekend.
Information about the security flaw are at the moment withheld and Fortinet is yet to release an advisory, even though the network security corporation is expected to launch far more information in the coming days.
French cybersecurity company Olympe Cyberdefense, in an independent inform, said the issue has been patched in versions 6.2.15, 6.4.13, 7..12, and 7.2.5.
“The flaw would let a hostile agent to interfere by means of the VPN, even if the MFA is activated,” the agency mentioned.
With Fortinet flaws emerging as a profitable attack vector for danger actors in modern decades, it truly is very advised that buyers transfer immediately to use the fixes as shortly as doable to mitigate opportunity dangers.
The Hacker News has attained out to Fortinet for additional information, and we will update the story if we hear again.
The growth arrives as Cisco and VMware released updates to deal with serious vulnerabilities influencing Expressway Sequence and TelePresence Online video Communication Server (VCS) and Aria Functions for Networks, respectively, that could guide to privilege escalation and code execution.
Located this post fascinating? Follow us on Twitter and LinkedIn to read a lot more exclusive content material we submit.
Some parts of this article are sourced from:
thehackernews.com