This advisory is for organizations that use FortiOS or FortiProxy. If your organization does not use these products, this notification may be discarded.
Last week, Fortinet released updates to address a security flaw in the SSL-VPN component of FortiOS and FortiProxy. A heap-based buffer overflow in the pre-authentication code path could allow an unauthenticated remote attacker to execute arbitrary code or commands on an affected device via specially crafted requests.
Summary
Fortinet customers who have SSL-VPN enabled and reachable from the internet are exposed to this vulnerability until the device runs a fixed version. Because the flaw is reachable before authentication, an attacker does not need valid credentials.
CVE-2023-27997 – CVSSv3 9.2: FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication
Fortinet has published a PSIRT advisory listing the affected products and versions, and recommends that organizations apply the patches as soon as possible: https://www.fortiguard.com/psirt/FG-IR-23-097
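The triage question the summary poses (is SSL-VPN enabled, and is the device still on an unpatched build?) is easy to answer fleet-wide from CLI output operators already collect. The following is an added example, not part of this advisory and not Fortinet tooling. It parses the output of "get system status" and "show vpn ssl settings" and reports a verdict per device. The FIXED_VERSIONS table is an assumption taken from FG-IR-23-097 and must be confirmed against the advisory; FortiProxy and any branch not in the table are reported as unknown rather than guessed. Internet exposure cannot be read from these two commands, so confirm it separately from the interface and firewall-policy configuration. Sample CLI output in the block is constructed.

```python
"""Fleet triage for CVE-2023-27997 (FG-IR-23-097) from FortiOS CLI output.

Added example; not Fortinet tooling. Reads two pieces of output an operator
already collects over SSH ("get system status" and "show vpn ssl settings")
and reports whether a device still needs the fix.
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Assumption: first fixed release per FortiOS branch, as published in
# FG-IR-23-097. Confirm against the advisory before relying on this table;
# branches missing here (and FortiProxy) are reported as "unknown-version".
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (7, 2): (7, 2, 5),
    (7, 0): (7, 0, 12),
    (6, 4): (6, 4, 13),
    (6, 2): (6, 2, 14),
    (6, 0): (6, 0, 17),
}

# Matches the "v7.2.4" token in a line such as
# "Version: FortiGate-100F v7.2.4,build0000,000000 (GA.F)"
_VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")


def parse_version(status_output: str) -> Optional[Version]:
    """Extract (major, minor, patch) from the 'Version:' line of 'get system status'."""
    for line in status_output.splitlines():
        if line.strip().startswith("Version:"):
            m = _VERSION_RE.search(line)
            if m:
                major, minor, patch = (int(x) for x in m.groups())
                return (major, minor, patch)
    return None


def needs_patch(version: Version) -> Optional[bool]:
    """True if the device is below the first fixed build of its branch,
    False if at or above it, None if the branch is not in FIXED_VERSIONS
    (check the advisory by hand for those)."""
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return None
    return version < fixed


def sslvpn_enabled(ssl_settings_output: str) -> bool:
    """Conservative read of 'show vpn ssl settings': only an explicit
    'set status disable' counts as disabled. 'show' omits default values,
    so a missing status line is treated as enabled rather than assumed safe."""
    for line in ssl_settings_output.splitlines():
        if line.strip() == "set status disable":
            return False
    return True


def triage(status_output: str, ssl_settings_output: str) -> str:
    """Return one of: 'patch-now', 'patched', 'sslvpn-disabled', 'unknown-version'."""
    version = parse_version(status_output)
    if version is None:
        return "unknown-version"
    if not sslvpn_enabled(ssl_settings_output):
        # Not reachable pre-auth on this device, but still schedule the upgrade.
        return "sslvpn-disabled"
    verdict = needs_patch(version)
    if verdict is None:
        return "unknown-version"
    return "patch-now" if verdict else "patched"


if __name__ == "__main__":
    # Constructed sample output (not captured from a real device).
    STATUS = (
        "Version: FortiGate-100F v7.2.4,build0000,000000 (GA.F)\n"
        "Serial-Number: FGT00000000000000\n"
    )
    SSL = (
        "config vpn ssl settings\n"
        '    set servercert "Fortinet_Factory"\n'
        "    set port 10443\n"
        '    set source-interface "wan1"\n'
        "end\n"
    )
    print(triage(STATUS, SSL))  # patch-now
```

Run it against the saved output of each device in turn; anything reporting "patch-now" is the priority list, and "sslvpn-disabled" devices still belong in the upgrade schedule because the fix is in the firmware, not in the SSL-VPN toggle.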
Additional Resources
https://www.thestack.technology/fortinet-vulnerability-vpn-cve-2023-27997/