9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.422 Medium
EPSS
Percentile
96.8%
Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been βexploited in a limited number of casesβ in attacks targeting government, manufacturing, and critical infrastructure sectors.
The vulnerability, dubbed XORtigate and tracked as CVE-2023-27997 (CVSS score: 9.2), concerns a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN that could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
LEXFO security researchers Charles Fol and Dany Bach have been credited with discovering and reporting the flaw. It was addressed by Fortinet on June 9, 2023 in the following versions -
The company, in an independent disclosure, said the issue was simultaneously discovered during a code audit that was prudently initiated following the active exploitation of a similar flaw in the SSL-VPN product (CVE-2022-42475, CVSS score: 9.3) in December 2022.
UPCOMING WEBINAR
π Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!
Fortinet further said it is not attributing the exploitation events at this stage to a Chinese state-sponsored actor codenamed Volt Typhoon, which was disclosed by Microsoft last month as leveraging an unknown zero-day flaw in internet-facing Fortinet FortiGuard devices to gain initial access to target environments.
It, however, noted it βexpects all threat actors, including those behind the Volt Typhoon campaign, to continue to exploit unpatched vulnerabilities in widely used software and devices.β
In light of active in-the-wild abuse, the company is recommending that customers take immediate action to update to the latest firmware version to avert potential risks.
βFortinet continues to monitor the situation and has been proactively communicating to customers, strongly urging them to immediately follow the guidance provided to mitigate the vulnerability using either the provided workarounds or by upgrading,β the company told The Hacker News.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added CVE-2023-27997 to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. It is also urging federal agencies to apply the fixes by July 4, 2023.
Found this article interesting? Follow us on Twitter ο and LinkedIn to read more exclusive content we post.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.422 Medium
EPSS
Percentile
96.8%