CVSSv3: 9.8

CVE-2023-27997

CVSSv4: NA | CVSSv3: 9.8 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.90682 | KEV: Exploitation Reported
Published: 13/06/2023 Updated: 21/11/2024

Vulnerability Summary

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote malicious user to execute arbitrary code or commands via specifically crafted requests.

Vulnerability Trend

Vulnerable Products

fortinet fortiproxy

fortinet fortios

fortinet fortios 6.0.10

fortinet fortios 6.2.4

fortinet fortios 6.2.6

fortinet fortios 6.2.7

fortinet fortios 6.4.2

fortinet fortios 6.4.6

fortinet fortios 6.4.8

fortinet fortios 6.4.10

fortinet fortios 6.4.12

fortinet fortios 7.0.5

fortinet fortios 7.0.10

Exploits

Fortinet FortiOS suffers from an out-of-bounds write vulnerability. Affected includes Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1 ...

Github Repositories

cve-2023-27997

cve-2023-27997

CVE-2023-27997. FortiGate VM64 7.2.0 is exploitable by this code (note that the code was written in a very stupid way). Proof of Concept: $ python3 exploit.py 192.168.106.142 10443 192.168.106.143 9999 [+] generating shellcode [+] salt=b'25c2dcf2' [+] processing hash [+] finding hash in cache [-] not in cache [+] computing [+] loading [+] heap spray [+] ...

CVE-2023-27997-Check. Fofa Query: app="FORTINET-SSLVPN". Install: $ git clone https://github.com/imbas007/CVE-2023-27997-Check.git $ cd CVE-2023-27997-check $ pip3 install -r requirements.txt. Usage: usage: CVE-2023-27997.py [-h] [-u URL | -f FILE_LIST] options: -h, --help show this help message and exit -u URL, --url URL ...

Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing

CVE-2023-27997 Vulnerability Assessment Tool. Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing. See the full write-up at the Bishop Fox blog, including a complete walkthrough of the methodology behind this tool. Description: CVE-2023-27997 is a heap-based buffer overflow in FortiGate's SSL VPN component which ...

xortigate-cve-2023-27997

xortigate-cve-2023-27997. Exploit for xortigate (CVE-2023-27997). It is not usable "as-is" and serves educational purposes. Information: Please refer to the blogpost for additional details. This is a POC that demonstrates the bug, nothing more. Example ...

A short tutorial about how to find and verify FortiOS vulnerability.

CVE-2023-27997-tutorial. A short tutorial about how to find and verify FortiOS vulnerability. How to find a target: Google Dorking intitle: "Please Login". How to verify if it is vulnerable or not: BishopFox/CVE-2023-27997-check repo: (venv) python CVE-2023-27997-check.py <domain> <port>. Patched ...

Recent Articles

Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks
BleepingComputer • Sergiu Gatlan • 11 Apr 2025

Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. Earlier this week, Fortinet began sending emails to customers warning that their FortiGate/FortiOS devices were compromised based on telemetry received from FortiGuard devices...

MirrorFace hackers targeting Japanese govt, politicians since 2019
BleepingComputer • Bill Toulas • 09 Jan 2025

The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a cyber-espionage campaign targeting the country to the Chinese state-backed "MirrorFace" hacking group. The campaign has been underway since 2019 and is still ongoing, while the Japanese investigators have observed distinct phases with differentiation of targets and attack methods. In all cases, t...

FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
BleepingComputer • Sergiu Gatlan • 12 Nov 2024

The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. A joint advisory published on Tuesday calls for organizations worldwide to immediately patch these security flaws and deploy patch management systems to minimize their networks' exposure to poten...

Fortinet warns of new critical FortiManager flaw used in zero-day attacks
BleepingComputer • Lawrence Abrams • 23 Oct 2024

Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. The company privately warned FortiManager customers about the flaw starting October 13th in advanced notification emails se...

Google: 70% of exploited flaws disclosed in 2023 were zero-days
BleepingComputer • Bill Toulas • 16 Oct 2024

Google Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software. Specifically, of the 138 vulnerabilities disclosed as actively exploited in 2023, Mandiant says 97 (70.3%) were leveraged as zero-days. This means that threat actors exploited the flaws in attacks before the impacted ...

Exploit released for maximum severity Fortinet RCE bug, patch now
BleepingComputer • Sergiu Gatlan • 28 May 2024

Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February. Tracked as CVE-2024-23108, this security flaw is a command injection vulnerability discovered and reported by Horizon3 vulnerability expert Zach Hanley that enables remote command e...

Fortinet warns of critical RCE bug in endpoint management software
BleepingComputer • Sergiu Gatlan • 13 Mar 2024

Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. FortiClient EMS enables admins to manage endpoints connected to an enterprise network, allowing them to deploy FortiClient software and assign security profiles on Windows devices. The security flaw (C...

Fortinet squashes hijack-my-VPN bug in FortiOS gear
The Register

And it's already being exploited in the wild, probably

Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN that can be exploited to hijack the equipment. The remote code execution vulnerability, tracked as CVE-2023-27997, was spotted and disclosed by Lexfo security analysts Charles Fol and Dany Bach. Fortinet has warned the bug looks to have been exploited in the wild already. The security flaw lies within the SSL-VPN, so if you have that enabled, you are potentially vulnerable to attack. "This is reachable pre-authentication, ...

You've patched right? '340K+ Fortinet firewalls' wide open to critical security bug
The Register

That's a vulnerability that's under attack, fix available ... cancel those July 4th plans, perhaps?

More than 338,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical bug Fortinet fixed last month that's being exploited in the wild. This is according to infosec outfit Bishop Fox, which has developed an example exploit for achieving remote code execution via the hole. Successful exploitation of the pre-authentication vulnerability can allow an intruder to take over the network equipment. Bishop Fox warned: "You should patch yours now." Fortinet did not respon...

More than 133,000 Fortinet appliances still vulnerable to month-old critical bug
The Register

A huge attack surface for a vulnerability with various PoCs available

The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching. According to security nonprofit Shadowserver's latest data, the number of Fortinet appliances vulnerable to CVE-2024-21762 stands at more than 133,000 – down only slightly from more than 150,000 ten days prior. Fortinet patched CVE-2024-21762 in early February, well over a month ago. It's a 9.6 severity vuln...

China's cyber intrusions took a sinister turn in 2024
The Register

From targeted espionage to pre-positioning - not that they are mutually exclusive

The Chinese government's intrusions into America's telecommunications and other critical infrastructure networks this year appear to signal a shift from cyberspying as usual to prepping for destructive attacks. The FBI and other US federal agencies rang in 2024 boasting about disrupting a Chinese botnet composed of "hundreds" of outdated routers intent on breaking into US critical infrastructure facilities. Spoiler alert: the botnet is back. This same government-backed crew also compromised at ...