CVE-2023-27997

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below,...

Basic Information

CVE State: PUBLISHED
Reserved Date: March 09, 2023
Published Date: June 13, 2023
Last Updated: October 23, 2024
Vendor: Fortinet
Product: FortiOS-6K7K, FortiProxy, FortiOS
Description: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

CVSS Scores

CVSS v3.1

9.2 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:R

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2023-06-13 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2023-06-22 14:16:44 UTC) Source
Used in Malware: Yes (added 2023-06-13 00:00:00 UTC) Source

References

https://fortiguard.com/psirt/FG-IR-23-097

Known Exploited Vulnerability Information

Source	Added Date
CISA	2023-06-13 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

delsploit/CVE-2023-27997

Type: github • Created: 2023-10-12 17:50:38 UTC • Stars: 9

imbas007/CVE-2023-27997-Check

Type: github • Created: 2023-06-22 14:16:44 UTC • Stars: 1

BishopFox/CVE-2023-27997-check

Type: github • Created: 2023-06-16 20:15:36 UTC • Stars: 133

Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing

rio128128/CVE-2023-27997-POC

Type: github • Created: 2023-06-16 03:25:19 UTC • Stars: 27

POC FortiOS SSL-VPN buffer overflow vulnerability