CVE-2023-27997 - Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability

Project: Fortinet

Product: FortiOS and FortiProxy SSL-VPN

Date Added: 2023-06-13

Due Date: 2023-07-04

Last Updated: June 21, 2025

Vulnerability Name

Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability

Description

Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://www.fortiguard.com/psirt/FG-IR-23-097

https://nvd.nist.gov/vuln/detail/CVE-2023-27997

Related News Articles

Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks - January 16, 2026

Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass - January 2, 2026

Critical Fortinet flaws now exploited in Qilin ransomware attacks - June 6, 2025

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit - April 11, 2025

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices - April 11, 2025

Related Weaknesses