Exploits and vulnerabilities. [Research Saturday]

Ryan from Bishop Fox joins to describe their work on "Building an Exploit for FortiGate Vulnerability CVE-2023-27997." After Lexfo published details of a pre-authentication remote code injection vulnerability in the Fortinet SSL VPN, Bishop Fox worked up a proof of concept demo.
This research share how they were able to create that proof-of-concept exploit, step by step. The researchers state "Our debugging environment consisted of a FortiGate 7.2.4 virtual machine which we modified to disable some self-verification functionality. After bypassing …

authentication bishop fox building code code injection concept cve cve-2023-27997 demo exploit exploits exploits and vulnerabilities fortigate fortinet fortinet ssl fox injection lexfo proof proof-of-concept remote code research share ssl ssl vpn vpn vulnerabilities vulnerability work