CVE-2023-27997 — Actively Exploited: FortiOS and FortiProxy SSL-VPN (Fortinet)
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.
| CVE ID | CVE-2023-27997 |
|---|---|
| Vendor | Fortinet |
| Product | FortiOS and FortiProxy SSL-VPN |
| Vulnerability name | Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability |
| Date added | 2023-06-13 |
| Remediation due | 2023-07-04 |
| Known ransomware use | Known |
| Required action | Apply updates per vendor instructions. |
| Description | Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →