FortiOS/FortiProxy [CVE-2023-27997] Ingrid Vulnerability [CVE-2023-27997] may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. Remediation & Mitigation Use Vulnerability Detection to search for CVE-2023-27997. Navigation Options SPM App: Vulnerability Detection CM App: Vulnerability Detection Insurance App: Vulnerability Detection See potential exposure: The results of the product fingerprinting scan identifying companies using Fortinet VPN is available to customers, which may indicate that FortiOS, FortiProxy, and possibly other Fortinet products are in use. The scan is specific to Fortinet VPN and does not include version information. Use this as evidence of potential exposure (not confirmed) based on the possible use of the affected product. Contact your Bitsight Customer Success Manager or Bitsight Support to learn more. Resources NIST, “CVE-2023-27997 Detail” Fortinet, Inc. Blog, “Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign” November 25, 2024: Detectable. June 29, 2023: Research update. June 16, 2023: Published. Related articles Expired Infrastructure Ivanti Connect Secure and Policy Secure Adding Assets to Your Infrastructure CM App: Portfolio Dashboard TLS/SSL Configurations Risk Vector Feedback 0 comments Please sign in to leave a comment.