Fortinet firewalls were found to have a critical remote code execution (RCE) vulnerability that affects their Fortigate SSL VPN devices. The vulnerability is CVE-2023-27997, and Fortinet released a patch in the form of a firmware update to resolve the issue. The updated firmware versions are 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5.
Despite releasing the patch weeks ago, over 300,000 Fortinet firewalls are still affected by the vulnerability. Check the firmware version on your Fortigate firewall to see if it is up to date, as it is critical, is already being exploited, and applies even prior to authentication.
Remote code execution vulnerabilities are particularly dangerous security flaws that enable hackers to remotely execute arbitrary code on your device that could steal sensitive information, escalate their privileges, or install malware. They should be patched as quickly as possible.