Fortinet’s Fortigate VPN servers are currently under the spotlight for a critical vulnerability that potentially enables an unauthenticated attacker to remotely seize control of the devices. Fortinet has promptly released security updates to mitigate the threat, although specific details about the security gap, designated as CVE-2023-27997, have not been provided by the company. According to the Australian Cyber Security Centre (ACSC), this vulnerability could lead to the execution of arbitrary code and unauthorized actions.
Researchers Charles Fol and Dany Bach discovered the vulnerability, describing it as a “preauthentication” remote code execution issue. This means an attacker only needs to access the device to carry out an attack, with no requirement for login credentials. The researchers have announced that further details will be disclosed in due time. At present, there is no information available on Fortinet’s website regarding the vulnerability.
Fortinet’s Fortigate is a firewall solution equipped with VPN functionality. The ACSC affirms that the vulnerability only presents itself when the VPN function is active. Microsoft and the US government recently issued a warning stating that vital American infrastructure had become a target for a Chinese-operated espionage group. This group reportedly managed to compromise organizations via Fortinet FortiGuard devices, leading to information theft. Microsoft is currently investigating how the attackers gained access to the FortiGuard devices.
How to patch
Follow the steps below to ensure your Fortinet Fortigate VPN is updated with the latest patches addressing the critical vulnerability CVE-2023-27997:
Step 1: Verify Current Firmware Version
Before you begin, it’s crucial to identify the current firmware version of your Fortinet Fortigate VPN. You can do this by logging into the device’s dashboard and checking the ‘System Information’ section.
Step 2: Access the Fortinet Support Site
Visit the Fortinet Support site at https://support.fortinet.com. Here you will find the latest updates and patches for Fortinet products.
Step 3: Log in to Your Account
You’ll need to have a valid Fortinet account to access the necessary patches. Log in using your credentials. If you don’t have an account yet, create one by following the site’s registration process.
Step 4: Locate the Latest Firmware
Once logged in, navigate to the ‘Download’ section. Search for Fortigate VPN in the product list and select your specific Fortigate model. Click on ‘Firmware Images’ to view all available updates.
Step 5: Download the Correct Patch
Look for the patch addressing CVE-2023-27997 in the list of available firmware updates. Download the patch file to your local system. Ensure you’re downloading the correct version compatible with your device model.
Step 6: Apply the Patch
Log back into your Fortinet Fortigate VPN’s dashboard. Navigate to ‘System’ > ‘Firmware.’ Click on ‘Update,’ then ‘Upload File,’ and select the patch file you just downloaded. Confirm your action to initiate the update process.
Step 7: Monitor the Installation
During the update, your device may restart multiple times. Monitor the process and wait until it’s completed. The dashboard will show the new firmware version once the update is successful.
Step 8: Test Your VPN
After updating, make sure to test your VPN thoroughly. Ensure that all functionalities are working as expected and that the device is stable.
Step 9: Regularly Check for Updates
To keep your Fortinet Fortigate VPN secure, regularly visit the Fortinet Support site and apply any new patches promptly.
Remember, promptly applying security updates is a key aspect of maintaining a secure network. Stay vigilant against potential threats and ensure your systems are always up-to-date.