In today’s SensCy Cyber Alert, your SensCy team has found that, according to current reports by BishopFox, at least 330,000 Fortinet SSL-VPN are still unpatched and vulnerable.
The vulnerability, tracked as CVE2023-27997, is impacting both Fortinet FortiOS and FortiProxy SSL-VPN appliances and it could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
Patches were released earlier in June for versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5. You can find the list of affect procuts following this link.
Fortinet and FortiGate vulnerabilities are known to be very lucrative attack vectors for threat actors. We highly recommend applying those patches immediately to mitigate any potential risks.
If you have any questions, please contact your Cyber Advocate.