2023-07-04 08:39:00
Attackers are currently targeting the SSL VPN component in Fortinet network devices running FortiOS. Security researchers are now warning of a possible expansion of the attacks. Attacks should be possible with comparatively little effort.
Advertisement
Patch now!
In a post, security researchers from Bishopfox explainthat they released Exlpoitcode. This allows network admins to check systems for vulnerabilities. Attackers can also misuse the code for attacks. The exploit triggers a memory error in a matter of seconds, establishes contact with a server, downloads a BusyBox binary and sets up an interactive shell.
According to their own statements, in the course of development, the researchers came across 490,000 SSL VPN interfaces accessible via the Internet. Of these, around 335,000 systems are said to have not yet been patched. According to the researchers, many devices have not received any updates for eight years. Some are still running FortiOS 6.0, which ended support in September last year.
Since the interfaces are publicly accessible, this is an easy game for attackers. Admins should therefore immediately install the security patches that have been available since June 2023. At this point, Fortinet spoke of a “limited number” of attacks. In a warning message, the manufacturer lists the FortiOS versions protected once morest the attacks.
Malicious Code Vulnerability
Die „criticalVulnerability (CVE-2023-27997) affects the network operating system FortiOS. Due to the vulnerability, attackers attack the SSL VPN component with crafted requests without authentication and trigger a memory error. They then push malicious code onto systems and execute it. After that, devices are considered fully compromised.
Advertisement
Updated 07/04/2023 11:02 am
Added support periods: FortiOS 6.0 end of support September 29, 2022. FortiOS 6.2 end of support September 28, 2023.
(of the)
To home page
1688461928
#Patch #Fortinet #SSL #VPN #interfaces #vulnerable #attack