
=====================================================================

                              CERT-Renater

                   Information Note No. 2023/VULN219

_____________________________________________________________________

DATE                : 13/06/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): FortiOS-6K7K versions prior to 7.0.12, 6.4.13,
                                    6.2.15, 6.0.17,
                     FortiProxy versions prior to 7.2.4, 7.0.10,
                                        2.0.13,
                     FortiOS versions prior to 7.4.0, 7.2.5, 7.0.12,
                                   6.4.13, 6.2.14, 6.0.17.

=====================================================================
https://fortiguard.fortinet.com/psirt/FG-IR-23-097
_____________________________________________________________________

FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication

IR Number    : FG-IR-23-097
Date         : Jun 12, 2023
Severity     : Critical
CVSSv3 Score : 9.2
Impact       : Execute unauthorized code or commands
CVE ID       : CVE-2023-27997

Affected Products:

FortiOS-6K7K: 7.0.5, 7.0.10, 6.4.8, 6.4.6, 6.4.2, 6.4.12, 6.4.10,
               6.2.9, 6.2.7, 6.2.6, 6.2.4, 6.2.13, 6.2.12, 6.2.11,
               6.2.10, 6.0.16, 6.0.15, 6.0.14, 6.0.13, 6.0.12,
               6.0.10


FortiProxy: 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6,
             7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8,
             2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.12, 2.0.11,
             2.0.10, 2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5,
             1.2.4, 1.2.3, 1.2.2, 1.2.13, 1.2.12, 1.2.11, 1.2.10,
             1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1,
             1.1.0


FortiOS: 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6,
          7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.11, 7.0.10, 7.0.1, 7.0.0, 6.4.9,
          6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.12, 6.4.11,
          6.4.10, 6.4.1, 6.4.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4,
          6.0.3, 6.0.2, 6.0.16, 6.0.15, 6.0.14, 6.0.13, 6.0.12, 6.0.11,
          6.0.10, 6.0.1, 6.0.0

Summary

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and
FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary
code or commands via specifically crafted requests.


Affected Products

At least
FortiOS-6K7K version 7.0.10
FortiOS-6K7K version 7.0.5
FortiOS-6K7K version 6.4.12
FortiOS-6K7K version 6.4.10
FortiOS-6K7K version 6.4.8
FortiOS-6K7K version 6.4.6
FortiOS-6K7K version 6.4.2
FortiOS-6K7K version 6.2.9 through 6.2.13
FortiOS-6K7K version 6.2.6 through 6.2.7
FortiOS-6K7K version 6.2.4
FortiOS-6K7K version 6.0.12 through 6.0.16
FortiOS-6K7K version 6.0.10
At least
FortiProxy version 7.2.0 through 7.2.3
FortiProxy version 7.0.0 through 7.0.9
FortiProxy version 2.0.0 through 2.0.12
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
At least
FortiOS version 7.2.0 through 7.2.4
FortiOS version 7.0.0 through 7.0.11
FortiOS version 6.4.0 through 6.4.12
FortiOS version 6.0.0 through 6.0.16


Solutions

Please upgrade to FortiOS-6K7K version 7.0.12 or above
Please upgrade to FortiOS-6K7K version 6.4.13 or above
Please upgrade to FortiOS-6K7K version 6.2.15 or above
Please upgrade to FortiOS-6K7K version 6.0.17 or above
Please upgrade to FortiProxy version 7.2.4 or above
Please upgrade to FortiProxy version 7.0.10 or above
Please upgrade to FortiProxy version 2.0.13 or above
Please upgrade to FortiOS version 7.4.0 or above
Please upgrade to FortiOS version 7.2.5 or above
Please upgrade to FortiOS version 7.0.12 or above
Please upgrade to FortiOS version 6.4.13 or above
Please upgrade to FortiOS version 6.2.14 or above
Please upgrade to FortiOS version 6.0.17 or above
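As an added example (not part of this advisory and not a Fortinet tool), the following Python helper classifies an inventory of build strings against the fixed releases listed above: anything below the listed fix on its branch is flagged for upgrade, FortiProxy 1.1 and 1.2 (affected in all versions, no in-branch fix) are flagged for migration, and branches the advisory does not mention are reported as not covered. The "v7.0.11,build0489" version format is an assumption about device output, not something the advisory states.

```python
from typing import Tuple

# Minimum fixed release per (product, major.minor branch), copied from the
# advisory's Solutions section. Any other branch is not covered here.
FIXED = {
    ("FortiOS", (7, 4)): (7, 4, 0),   ("FortiOS", (7, 2)): (7, 2, 5),
    ("FortiOS", (7, 0)): (7, 0, 12),  ("FortiOS", (6, 4)): (6, 4, 13),
    ("FortiOS", (6, 2)): (6, 2, 14),  ("FortiOS", (6, 0)): (6, 0, 17),
    ("FortiOS-6K7K", (7, 0)): (7, 0, 12), ("FortiOS-6K7K", (6, 4)): (6, 4, 13),
    ("FortiOS-6K7K", (6, 2)): (6, 2, 15), ("FortiOS-6K7K", (6, 0)): (6, 0, 17),
    ("FortiProxy", (7, 2)): (7, 2, 4),    ("FortiProxy", (7, 0)): (7, 0, 10),
    ("FortiProxy", (2, 0)): (2, 0, 13),
}
# Branches the advisory lists as "all versions" affected with no in-branch
# fix; the only remedy is moving to a fixed branch.
NO_FIX_IN_BRANCH = {("FortiProxy", (1, 2)), ("FortiProxy", (1, 1))}


def parse_version(text: str) -> Tuple[int, int, int]:
    """'7.0.11', 'v7.0.11' or 'v7.0.11,build0489' -> (7, 0, 11).

    The ',build' suffix is an assumed device output format, not
    something taken from the advisory."""
    core = text.strip().lstrip("v").split(",")[0]
    parts = [int(p) for p in core.split(".")]
    if len(parts) != 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    return parts[0], parts[1], parts[2]


def triage(product: str, version: str) -> str:
    """Classify one build against CVE-2023-27997 using the table above."""
    ver = parse_version(version)
    branch = (ver[0], ver[1])
    if (product, branch) in NO_FIX_IN_BRANCH:
        return "vulnerable: no fixed release in this branch, migrate"
    fixed = FIXED.get((product, branch))
    if fixed is None:
        return "not covered by this advisory"
    if ver >= fixed:
        return "fixed"
    return f"vulnerable: upgrade to {'.'.join(map(str, fixed))} or above"


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    for product, version in [("FortiOS", "v7.0.11,build0489"),
                             ("FortiOS-6K7K", "6.2.14"), ("FortiProxy", "1.2.13")]:
        print(f"{product} {version}: {triage(product, version)}")
```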


Acknowledgement

Fortinet is pleased to thank Charles Fol and Dany Bach from
LEXFO for bringing this issue to our attention under
responsible disclosure.


Timeline

2023-06-12: Initial publication

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

