CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)

June 13, 2023, 3:08 a.m. | Satnam Narang

Fortinet says a critical flaw in its SSL-VPN product may have been exploited in the wild in a limited number of cases. Organizations are strongly encouraged to apply these patches immediately.

Background

On June 12, Fortinet published an advisory (FG-IR-23-097) for a critical vulnerability in FortiOS and FortiProxy:

CVE	Description	CVSSv3	Severity
CVE-2023-27997	FortiOS and FortiProxy Heap Buffer Overflow in SSL-VPN	9.2	Critical

In addition to CVE-2023-27997, Fortinet …

advisory buffer buffer overflow cases critical critical flaw cve exploited flaw fortinet fortinet fortios fortios fortiproxy june may organizations overflow patches product ssl vpn

Visit resource

More from www.tenable.com / Cyber Exposure Alerts

CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor 6 days, 21 hours ago | www.tenable.com

adaptive security arcanedoor blog called +15

CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited 1 week, 2 days ago | www.tenable.com

advisory april crushftp customers +23

Oracle April 2024 Critical Patch Update Addresses 239 CVEs 2 weeks, 1 day ago | www.tenable.com

addresses april cpu critical +12

CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild 2 weeks, 6 days ago | www.tenable.com

alto april attacks command +25

Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988) 3 weeks, 2 days ago | www.tenable.com

addresses april critical critical vulnerabilities +13

Frequently Asked Questions About CVE-2024-3094, A Backdoor in XZ Utils 1 month ago | www.tenable.com

CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability 1 month, 2 weeks ago | www.tenable.com

address advisory arbitrary code attacker +20

Microsoft’s March 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-21407) 1 month, 2 weeks ago | www.tenable.com

CVE-2024-27198, CVE-2024-27199: Two Authentication Bypass Vulnerabilities in JetBrains TeamCity 1 month, 3 weeks ago | www.tenable.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Information Security Engineer, Sr. (Container Hardening)

@ Rackner | San Antonio, TX

View on infosec-jobs.com

BaaN IV Techno-functional consultant-On-Balfour

@ Marlabs | Piscataway, US

View on infosec-jobs.com

Senior Security Analyst

@ BETSOL | Bengaluru, India

View on infosec-jobs.com

Security Operations Centre Operator

@ NEXTDC | West Footscray, Australia

View on infosec-jobs.com

Senior Network and Security Research Officer

@ University of Toronto | Toronto, ON, CA

View on infosec-jobs.com

View more jobs

all InfoSec news

CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)

Background

More from www.tenable.com / Cyber Exposure Alerts

Jobs in InfoSec / Cybersecurity

Social Engineer For Reverse Engineering Exploit Study

Information Security Engineer, Sr. (Container Hardening)

BaaN IV Techno-functional consultant-On-Balfour

Senior Security Analyst

Security Operations Centre Operator

Senior Network and Security Research Officer