Fortinet warns new VPN bug exploited in limited number of cases 

Network security company Fortinet has warned that a new vulnerability impacting its SSL-VPN product may have been exploited in the wild in a limited number of cases.

Tracked as CVE-2023-27997, the flaw is a heap-based buffer overflow in the SSL-VPN component. A remote, unauthenticated attacker can exploit it to execute arbitrary code on the target system by sending specially crafted requests to the SSL-VPN interface. Fortinet addressed the issue in an update released last week, and organizations are strongly advised to apply the patches as soon as possible.

The company said in a blog post that CVE-2023-27997 was just one of the six FortiOS vulnerabilities patched in the latest updates. The blog post also mentions CVE-2022-40684, an authentication bypass issue in Fortinet FortiGate and FortiProxy believed to have been exploited in a recently disclosed Volt Typhoon cyber-espionage campaign targeting critical infrastructure organizations in the United States.

The company didn’t provide information about attacks exploiting CVE-2023-27997, but said that the bug does not appear to have been exploited in the Volt Typhoon campaign. The vendor added that it “expects all threat actors, including those behind the Volt Typhoon campaign, to continue to exploit unpatched vulnerabilities in widely used software and devices.”

For this reason, Fortinet urged “immediate and ongoing mitigation through an aggressive patching campaign.”
