Attacker Value
Very High
(2 users assessed)
Exploitability
Moderate
(2 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
5

CVE-2023-27997

Disclosure Date: June 13, 2023
CVE-2023-27997 CVSS v3 Base Score: 9.8
Exploited in the Wild
Reported by mikecybersecaspire and 2 more...
View Source Details
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Initial Access
Techniques
Validation
Validated
Validated

Description

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

Add Assessment

2
Ratings
Observed in state-sponsored attacks
Technical Analysis

A July 2024 bulletin from multiple U.S. government agencies indicates that North Korean state-sponsored attackers have demonstrated interest in this vulnerability — not immediately clear whether it was exploited or just used in reconnaissance/target selection: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a

Log in to Add Reply
1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Medium
Common in enterpriseEasy to weaponizeGives privileged accessUnauthenticated
Technical Analysis

This vulnerability is expected to be of very high value as Fortigate SSL VPN vulnerabilities have been exploited in the past, particurlarly by state sponsored or otherwise-motivated IAB actors. Fortinet also predict that whilst there isn’t an official link to Volt Typhoon, they do expect the majority of TA’s exploiting this vulnerability, Volt Typhoon have been known to exploit prior Fortigate SSL VPN vulns as part of their initial access campaign.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
FortiOS-6K7K 7.0.10
FortiOS-6K7K 7.0.5
FortiOS-6K7K 6.4.12
FortiOS-6K7K 6.4.10
FortiOS-6K7K 6.4.8
FortiOS-6K7K 6.4.6
FortiOS-6K7K 6.4.2
FortiOS-6K7K 6.2.13
FortiOS-6K7K 6.2.7
FortiOS-6K7K 6.2.4
FortiOS-6K7K 6.0.16
FortiOS-6K7K 6.0.10
FortiProxy 7.2.3
FortiProxy 7.0.9
FortiProxy 2.0.12
FortiProxy 1.2.13
FortiProxy 1.1.6
FortiOS 7.2.4
FortiOS 7.0.11
FortiOS 6.4.12
FortiOS 6.2.13
FortiOS 6.0.16
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • fortinet

Products

  • fortios,
  • fortios 6.0.10,
  • fortios 6.2.4,
  • fortios 6.2.6,
  • fortios 6.2.7,
  • fortios 6.4.10,
  • fortios 6.4.12,
  • fortios 6.4.2,
  • fortios 6.4.6,
  • fortios 6.4.8,
  • fortios 7.0.10,
  • fortios 7.0.5,
  • fortiproxy

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis