Experts have revealed that hundreds of thousands of FortiGate firewalls actively used in the wild have yet to be patched against a flaw.
Researchers at Bishop Fox recently used the Shodan.io search engine for Internet-connected devices to find hosts whose HTTPS responses identified them as Fortinet SSL-VPN interfaces and revealed which firmware build they were running.
The search returned approximately 490,000 Internet-exposed Fortinet SSL-VPN interfaces, of which roughly two-thirds (about 338,100 endpoints) had not been patched.
These firewalls are vulnerable to CVE-2023-27997, a heap-based buffer overflow in the SSL-VPN component of FortiOS and FortiProxy that carries a CVSS score of 9.8. Fortinet's advisory accompanying the patch warned that the flaw “may have been exploited in a limited number of cases.”
If you haven’t patched your firewalls yet, upgrade to version 7.2.5, 7.0.12, 6.4.13 or 6.2.15, whichever corresponds to the release branch you run; all of these contain the fix.
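As an added illustration (this is not code from Bishop Fox, Fortinet or The Register), the following Python triages an inventory of FortiOS version strings against the fixed versions listed above. The branch table contains only the four fixed versions the article names, so a device on any other branch is reported as "unknown-branch" rather than assumed safe; the host names and version strings in the sample inventory are constructed for the example. Note that the comparison is numeric tuple-wise, which matters because a plain string comparison would rank "7.0.9" above "7.0.12".

```python
import re
from collections import Counter
from typing import Optional

# Fixed FortiOS versions per release branch, as listed in the article.
# Any branch not present here is reported as "unknown-branch", not as safe.
FIXED_VERSIONS: dict[tuple[int, int], tuple[int, int, int]] = {
    (7, 2): (7, 2, 5),
    (7, 0): (7, 0, 12),
    (6, 4): (6, 4, 13),
    (6, 2): (6, 2, 15),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[tuple[int, int, int]]:
    """Extract (major, minor, patch) from strings such as 'v7.0.11',
    'FortiOS 7.0.11 build0489' or '7.0.11'. Returns None if no x.y.z is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def assess(version_text: str) -> str:
    """Classify one device as 'patched', 'vulnerable', 'unknown-branch' or
    'unparseable' against FIXED_VERSIONS. Tuples compare numerically, so
    (7, 0, 9) < (7, 0, 12) even though the string '7.0.9' sorts after '7.0.12'."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown-branch"
    return "patched" if version >= fixed else "vulnerable"


def summarize(inventory: dict[str, str]) -> dict[str, int]:
    """Count devices per status for an {host: version_string} inventory."""
    return dict(Counter(assess(v) for v in inventory.values()))


# Constructed sample inventory for the example (not real hosts or survey data).
SAMPLE_INVENTORY = {
    "fw-hq-1.example": "FortiOS 7.2.5 build1517",
    "fw-hq-2.example": "v7.0.11",
    "fw-branch-1.example": "6.4.13",
    "fw-branch-2.example": "6.4.9",
    "fw-lab.example": "5.2.3",        # old branch with no fixed version listed
    "fw-legacy.example": "unknown",   # version could not be determined
}

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(f"{host:22} {ver:26} {assess(ver)}")
    print(summarize(SAMPLE_INVENTORY))
```

Run against a real inventory, the "unknown-branch" and "unparseable" buckets are the ones to chase down by hand: they are exactly the devices an automated check cannot vouch for.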
In addition to urging users to apply the fix, Bishop Fox developed a proof-of-concept (PoC) exploit that achieves remote code execution; with it, the researchers were able to take over affected network gear. They also found a “handful of devices” running an eight-year-old version of the operating system.
“I wouldn’t touch a 10-foot pole vaulter,” commented Caleb Gross, director of capability development at Bishop Fox.
Gross said their exploit “breaks the stack, connects back to an attacker-controlled server, downloads a busybox binary, and opens an interactive shell.”
The vulnerability was discovered in early June and reported to Fortinet, which issued a patch on June 8; five days later, on June 13, The Register published a report detailing the exploit process.
Via: Register