In a move to protect its customers, Fortinet has released a warning regarding the recently patched vulnerability known as CVE-2023-27997. The company has reason to believe that it may have already been used as a zero-day exploit in targeted attacks with a narrow reach.


Fortinet released a cautionary statement to its clientele on Monday, notifying them of a recently resolved vulnerability, known as CVE-2023-27997. The company also raised concern about its potential exploitation as a zero-day in isolated attacks.

Recent reports have revealed that Fortinet's updates for their FortiOS operating system have successfully addressed the severe vulnerability, allowing for remote and unauthenticated execution of arbitrary code.

Fortinet has confirmed the updates for Monday and emphasized that the latest patches for FortiOS and FortiProxy have successfully addressed the flaw. The vulnerability, classified as a critical heap-based buffer overflow in the SSL-VPN module, is now remedied and no longer poses a threat for remote hackers to execute malicious commands through carefully crafted requests.

Moreover, Fortinet has officially verified the researchers responsible for disclosing the issue over the weekend. Charles Fol and Dany Bach from the French cybersecurity firm Lexfo were instrumental in bringing the vulnerability to the company's attention. Thanks to their diligence, Fortinet was able to promptly address the vulnerability and protect its users from potential attacks.

Furthermore, Fortinet not only provided guidance on the matter, but also published a compelling blog post on Monday elaborating that CVE-2023-27997 was merely one of the six FortiOS weaknesses addressed in the recent patches.

These additional vulnerabilities were identified internally during a thorough examination of the SSL-VPN component, prompted by the utilization of CVE-2022-42475 by a Chinese threat actor in real-life attacks against government agencies and other institutions.

In light of the recent zero-day discovery, Fortinet has conducted a thorough investigation and found that CVE-2023-27997 may have been exploited in a small number of instances. Therefore, Fortinet is working closely with its customers to closely monitor the situation.

In light of this information, Fortinet strongly urges customers who have enabled SSL-VPN to promptly upgrade to the latest firmware release. For those who are not using SSL-VPN, Fortinet still advises upgrading as a precautionary measure to minimize any potential risks associated with the problem.