- June 29, 2023: Research update.
- June 16, 2023: Published.
Vulnerability [CVE-2023-27997] may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
Remediation & Mitigation
- Our security research team has completed investigations into possible scanning for this vulnerability. We have determined that a check at the version- and vulnerability-specific level is not possible without resorting to intrusive methods, which we will not pursue.
- See potential exposure: The results of the product fingerprinting scan identifying companies using Fortinet VPN are available to customers, which may indicate that FortiOS, FortiProxy, and possibly other Fortinet products are in use. The scan is specific to Fortinet VPN and does not include version information. Use this as evidence of potential exposure (not confirmed) based on the possible use of the affected product. Contact your Bitsight Customer Success Manager or Bitsight Support to learn more.