Fortinet’s Second VPN Vulnerability of 2023 Affects FortiGate VPN-SSL Protocol
Fortinet has patched a critical remote code execution vulnerability in its Secure Sockets Layer network protocol that could give adversaries access to networks.
The vulnerability affects all versions of FortiGate firewalls, specifically the Secure Sockets Layer VPN functionality that allows individual users to access an organization’s network. It can be exploited without credentials and can bypass multifactor authentication, according to French cybersecurity firm Olympe Cyberdefense, which uncovered the flaw on Friday.
Olympe said a CVE for the vulnerability will be released on Tuesday.
Following the disclosure, Fortinet on Friday rolled out patches to firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5. The company has not publicly acknowledged the vulnerability, but in a statement to Information Security Media Group it said that it had alerted customers confidentially prior to the release of the advisory.
Security researchers and developer communities said the patches released Friday by the company also contain fixes for the new RCE flaw.
No attacks exploiting this vulnerability have been reported. It is the second flaw reported by Fortinet this year. In January, a suspected Chinese government-backed group exploited a Fortinet VPN vulnerability tracked as CVE-2022-42475 to deliver a Linux backdoor malware variant (see: Fortinet VPN Flaw Shows Pitfalls of Security Appliances).
Security firm Mandiant, which uncovered the Chinese campaign, said nation-state actors are more actively exploiting vulnerabilities in security appliances such as FortiGate because of the difficulty in detecting malicious activity.