Fortinet, a well-known vendor of corporate-grade security solutions, issued an urgent patch that fixes critical vulnerabilities in two products. FortiOS and FortiProxy SSL-VPN were reportedly vulnerable to remote code execution vulnerabilities – it is common to see them graded with CVSS 8-9/10.
What is Fortinet and its products?
Fortinet is a developer of a very wide range of different software solutions, though all of them concentrate around cybersecurity. Those are EDR and SIEM solutions, network monitoring utilities, and all-encompassing appliances like FortiOS. Flexibility of available options made them an often choice among corporations. Overall, Fortinet boasts of over half a million users – as of the late summer 2022.
Though, such a wide variety of software obviously obstructs issuing hotfixes and urgent patches. You should keep an eye on and be diligent with everything you release – otherwise, problems are inevitable. Fortinet does a great job on that, but vulnerabilities still appear – and they disclosed two in the recent update for their software and firmware.
Vulnerabilities in Fortinet Products Allow for RCE
Remote code execution (RCE) flaws are always scary, as they make it possible for hackers to force your system to execute the code they want. A specifically crafted package sent to SSL-VPN pre-auth server can cause buffer overflows and allow hackers to execute whatever code they want. Fortunately, there are no confirmed cases of this vulnerability exploitation. Fortinet already released patches for all software that may be impacted by that breach. Actually, they did it last Friday, on June 9th 2023 – 3 days before releasing official notes regarding vulnerabilities.
Fortinet insists on installing the latest updates for all solutions present in the list of vulnerable ones. Reportedly, the vulnerabilities are similar to ones discovered on January 11, 2023 and dubbed CVE-2022-42475. New breach falls under CVE-2023-27997; it received the CVE index just today.
List of software solutions vulnerable to CVE-2023-27997
|FortiOS-6K7K||6.0.10, 6.0.12-6.0.16, 6.2.4, 6.2.6-6.2.7, 6.2.9-6.2.13, 6.4.2, 6.4.6, 6.4.8, 6.4.10, 6.4.12, 7.0.5, 7.0.10|
|FortiProxy||1.1, 1.2, 2.0.0-2.0.12, 7.0.0-7.0.9, 7.2.0-7.2.3|
|FortiOS||6.0.0-6.0.16, 6.2.0-6.2.13, 6.4.0-6.4.12, 7.0.0-7.0.11, 7.2.0-7.2.4.|
How to protect against vulnerability exploitation?
Well, the most obvious advice there is to follow the guides from software vendors. They can issue a patch or offer a quick fix solution that will prevent the exploit without any changes to the actual software. However, there are also proactive solutions – in all senses – that are able to counteract the threat even before the vulnerability is published.
Use protective solutions that embrace zero-trust policy. The latter is not ideal when it comes to resource-efficiency, but it makes vulnerability exploitation nearly impossible. Hackers that run exploits mainly rely on antivirus ignorance towards what is happening with a seemingly legit app. Zero-trust treats all apps as potentially hazardous, and analyzes all processes for possible malignant actions.
Using zero-trust almost always means using advanced security solutions, such as EDR or XDR. They are made specifically for protecting large networks, like ones you typically see in corporations. Such solutions are sometimes (yet not mandatory) supplied with zero-trust policy – consider picking one specifically.