CVE-2023-27997 - Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability

Project: Fortinet

Product: FortiOS and FortiProxy SSL-VPN

Date added: 2023-06-13

Due date: 2023-07-04

Last updated: June 21, 2025

Vulnerability Name

Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability

Description

Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.

Known to be used in ransomware campaigns?

Known

Required Action

Apply updates per vendor instructions.

Additional Notes

https://www.fortiguard.com/psirt/FG-IR-23-097

https://nvd.nist.gov/vuln/detail/CVE-2023-27997

Related News Articles

Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks - January 16, 2026

Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass - January 2, 2026

Critical Fortinet flaws now exploited in Qilin ransomware attacks - June 6, 2025

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit - April 11, 2025

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices - April 11, 2025

Related CWE