No fewer than 330,000 FortiGate firewalls remain unpatched and vulnerable to CVE-2023-27997, a critical security flaw in Fortinet devices that has come under active exploitation in the wild.
Cybersecurity firm Bishop Fox, in a report published last week, said that of nearly 490,000 Fortinet SSL-VPN interfaces exposed on the internet, about 69 percent remain unpatched.
CVE-2023-27997 (CVSS score: 9.8), also known as XORtigate, is a critical vulnerability affecting Fortinet FortiOS and FortiProxy SSL-VPN appliances that could allow a remote attacker to execute arbitrary code or commands via specially crafted requests.
Fortinet released patches last month in versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5, while acknowledging that the flaw may have been "exploited in a limited number of cases" in attacks targeting the government, manufacturing, and critical infrastructure sectors.
Bishop Fox's analysis further found that 153,414 of the discovered appliances had been updated to a patched FortiOS version.
Another notable finding is that many of the publicly reachable Fortinet devices have not received an update in the past 8 years, with installations still running FortiOS versions 5 and 6.
Given that security flaws in Fortinet devices have been lucrative attack vectors, it is essential that customers move quickly to update to the latest version as soon as possible.
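For a defender with an inventory of FortiOS versions, the practical question is which branch each device is on and whether it sits at or above the release that fixes CVE-2023-27997. The following is an added example for this page, not code from Fortinet, Bishop Fox or The Hacker News: it parses version strings, compares them per major.minor branch against the fixed releases named above, and treats branches with no listed fix (such as 5.x) as still exposed. The version-string format, the hostnames and the sample inventory are constructed assumptions.

```python
"""Classify FortiOS version strings against the CVE-2023-27997 (XORtigate)
fixed releases listed in the article.

Added example for this page; not code from Fortinet, Bishop Fox or The Hacker
News. Assumptions (not from the page): version strings look like "7.0.11" or
"v7.0.11,build0489", comparison is done per major.minor branch, and branches
absent from the table (e.g. 5.x) are reported as having no listed fix.
"""
import re
from typing import Optional, Tuple

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED_VERSIONS = {
    (6, 0): (6, 0, 17),
    (6, 2): (6, 2, 15),
    (6, 4): (6, 4, 13),
    (7, 0): (7, 0, 12),
    (7, 2): (7, 2, 5),
}

# Accepts an optional leading "v" and ignores any trailing ",buildNNNN" suffix.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'v7.0.11,build0489' into (7, 0, 11); return None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def assess(version_text: str) -> str:
    """Return 'patched', 'vulnerable', 'no-fix-listed' or 'unknown' for one device."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    fixed = FIXED_VERSIONS.get((v[0], v[1]))
    if fixed is None:
        # 5.x and any other branch not in the article's list: no fix to compare
        # against, so the device should be treated as exposed and replaced/upgraded.
        return "no-fix-listed"
    # Tuple comparison orders (major, minor, patch) lexicographically.
    return "patched" if v >= fixed else "vulnerable"


def summarize(inventory):
    """Count assessment outcomes over an inventory of (hostname, version) pairs."""
    counts = {"patched": 0, "vulnerable": 0, "no-fix-listed": 0, "unknown": 0}
    for _, version in inventory:
        counts[assess(version)] += 1
    return counts


# Constructed sample inventory: hostnames and versions invented for illustration.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "v7.0.12,build0523"),   # exactly the fixed release
    ("fw-edge-02", "7.0.11"),              # one release short of the fix
    ("fw-branch-03", "6.4.13"),
    ("fw-branch-04", "6.2.14"),
    ("fw-legacy-05", "5.6.14"),            # branch with no fix in the list
    ("fw-unknown-06", "n/a"),              # inventory field not populated
]

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY:
        print(f"{host:14} {version:20} {assess(version)}")
    print(summarize(SAMPLE_INVENTORY))
```

Running the script prints one line per device followed by the totals; in practice the inventory would come from a CMDB export or a management console rather than the constructed list here. The per-branch lookup matters because a bare numeric comparison would wrongly mark 6.4.13 as older than 7.0.11 even though 6.4.13 is patched and 7.0.11 is not.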
Some parts of this article are sourced from:
thehackernews.com