"Over Two-Thirds of FortiGate Firewalls Still at Risk"

According to security researchers at Bishop Fox, approximately 69% of FortiGate firewalls affected by a recently discovered FortiOS vulnerability remain unpatched. The flaw, CVE-2023-27997, could lead to remote code execution (RCE) and was patched by Fortinet in mid-June. In a recent advisory, the researchers stated that they have successfully developed an exploit for the vulnerability. They noted that their exploit smashes the heap, connects back to an attacker-controlled server, downloads a BusyBox binary, and opens an interactive shell. The entire process reportedly takes approximately one second, significantly faster than an earlier demonstration provided by Lexfo.

The researchers stated that a search on Shodan, a search engine for internet-connected devices, revealed that nearly 490,000 SSL VPN interfaces exposed on the internet are affected by this vulnerability. According to the researchers, previous reports estimating 250,000 exposed FortiGate firewalls based on SSL certificates alone may not accurately reflect the actual number of vulnerable devices, because the search query used in those reports did not specifically target SSL VPN interfaces, where this vulnerability resides. The researchers noted that an in-depth analysis revealed that only 153,414 devices on the internet had been patched, leaving a concerning 69% of devices unpatched. The researchers' analysis also highlighted the distribution of different major operating system versions. While a significant number of installations run the latest version, FortiOS 7, there are still devices running older versions, particularly version 5, which has reached its end of life.

 

Infosecurity reports: "Over Two-Thirds of FortiGate Firewalls Still at Risk"

Submitted by Anonymous on