Fortinet releases security advisory for critical heap-based overflow vulnerability


On June 12th, Fortinet released a security advisory for a critical heap-based buffer overflow vulnerability (CVE-2023-27997). This vulnerability is rated a 9.8/10 by the National Institute of Standards and Technology’s (NIST) Vulnerability Database and requires immediate action. This vulnerability affects FortiOS and FortiProxy SSL-VPN users and could enable hackers to obtain access to affected systems and execute malicious code.

The Fortinet Product Security Incident Response Team’s (PSIRT) advisory outlines which products should be updated to address this vulnerability. Fortinet users should review the security advisory and implement necessary updates as soon as possible. In addition to updating affected systems, Fortinet recommends the following action items:

  • Review your systems for evidence of exploitation of previous vulnerabilities, e.g., FG-IR-22-377 / CVE-2022-40684
  • Maintain good cyber hygiene and follow vendor patching recommendations
  • Follow hardening recommendations, e.g., FortiOS 7.2.0 Hardening Guide
  • Minimize the attack surface by disabling unused features and managing devices via an out-of-band method wherever possible

How we help

Our cybersecurity and risk services can help organizations strengthen their line of defense against phishing attacks and other destructive cybercrime tactics.

  • Aponix Protect™ to build a comprehensive cybersecurity and technology risk management program tailored to your business needs.
  • Business impact analysis and business continuity plans complete with robust policies, plans, and procedures to better protect your company from data breaches and efficiently recover from a cyber incident or significant business disruption.
  • Risk assessments to identify and remediate gaps in a firm’s current cybersecurity and regulatory state, as well as figure out how a firm stands up against existing frameworks (SOC, PCI, NIST).
  • Staff training and threat monitoring to educate on industry best practices, cyber trends, and emerging threats.
  • Vulnerability and penetration testing to reduce the risk of financial, operational, and reputational losses that can result from a breach.

For questions about this alert, or to find out more about our services, please reach out to your ACA consultant or contact us.