CVE-2023-27997 - Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Project: Fortinet
Product: FortiOS and FortiProxy SSL-VPN
Date Added: 2023-06-13
Due Date: 2023-07-04
Last Updated: June 21, 2025
Vulnerability Name
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Description
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://www.fortiguard.com/psirt/FG-IR-23-097
https://nvd.nist.gov/vuln/detail/CVE-2023-27997
Related News Articles
Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks - January 16, 2026
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass - January 2, 2026
Critical Fortinet flaws now exploited in Qilin ransomware attacks - June 6, 2025
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit - April 11, 2025
Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices - April 11, 2025