CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)
Cyber Exposure Alerts www.tenable.com
Fortinet says a critical flaw in its SSL-VPN product may have been exploited in the wild in a limited number of cases. Organizations are strongly encouraged to apply these patches immediately.
Background
On June 12, Fortinet published an advisory (FG-IR-23-097) for a critical vulnerability in FortiOS and FortiProxy:
| CVE | Description | CVSSv3 | Severity |
|---|---|---|---|
| CVE-2023-27997 | FortiOS and FortiProxy Heap Buffer Overflow in SSL-VPN | 9.2 | Critical |
In addition to CVE-2023-27997, Fortinet …