← ExploitWatch
HomeExploited Vulnerabilities

CVE-2023-27997 — Actively Exploited: FortiOS and FortiProxy SSL-VPN (Fortinet)

Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.

CVE IDCVE-2023-27997
VendorFortinet
ProductFortiOS and FortiProxy SSL-VPN
Vulnerability nameFortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Date added2023-06-13
Remediation due2023-07-04
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionFortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →