DEV Community

Cover image for CVE-2023-27997: Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Freedom Coder
Freedom Coder

Posted on • Originally published at scyscan.com

CVE-2023-27997: Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability

#fortinet #fortiosandfortiproxysslvpn #cybersecurity #vulnerability

CVE ID

CVE-2023-27997

Vulnerability Name

Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability

  • Project: Fortinet
  • Product: FortiOS and FortiProxy SSL-VPN

Date

  • Date Added: 2023-06-13
  • Due Date: 2023-07-04

Description

Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://www.fortiguard.com/psirt/FG-IR-23-097; https://nvd.nist.gov/vuln/detail/CVE-2023-27997

Related Security News

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

Top comments (0)