Date: 2023-06-13

Fortinet has released patches to address a serious security vulnerability in its FortiGate firewalls that could be exploited by a threat actor to achieve remote execution of malicious code. Not long ago, the company had also corrected problems in some of its applications.

The vulnerability, tracked as CVE-2023-27997, is “reachable pre-authentication, on each SSL VPN appliance,” Lexfo security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend.

Details about the security vulnerability are currently withheld, and Fortinet has yet to issue an advisory, although the network security firm is expected to release more details in the coming days.

French cybersecurity firm Olympe Cyberdefense said in an independent advisory that the issue has been fixed in versions 6.2.15, 6.4.13, 7.0.12 and 7.2.5.

“The flaw would allow a hostile agent to interfere via the VPN, even if MFA is enabled,” noted the company.

With Fortinet vulnerabilities having emerged as a profitable attack vector for bad actors in recent years, it is highly recommended that users move quickly to apply the fixes to mitigate potential risks.

The development comes as Cisco and VMware have released updates to address serious vulnerabilities affecting Expressway Series and TelePresence Video Communication Server (VCS) and Aria Operations for Networks, respectively, which could lead to privilege escalation and code execution.

Fortinet statement, updates on the matter

Fortinet shared the following statement after the story’s publication:

“Timely and ongoing communication with our customers is a key component in our efforts to best protect and secure their organization. There are instances where advance and confidential customer communication may include advance notice of alerts to allow customers to further strengthen their security posture, before the alert is publicly released to a wider audience.”

The company later added: “This process follows best practices for responsible disclosure to ensure our clients have the timely information they need to help them make informed risk-based decisions. For more information on Fortinet’s responsible disclosure process, visit the Fortinet Product Security Incident Response Team (PSIRT) page: https://www.fortiguard.com/psirt_policy.”