CVE-2023-27997 - Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
项目:Fortinet
产品:FortiOS and FortiProxy SSL-VPN
添加日期:2023-06-13到期日:2023-07-04最后更新:June 21, 2025
漏洞名称
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
描述
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.
已知用于勒索软件活动吗?
Known
采集行动
Apply updates per vendor instructions.
其他说明
https://www.fortiguard.com/psirt/FG-IR-23-097
https://nvd.nist.gov/vuln/detail/CVE-2023-27997
相关新闻文章
Hackers now exploiting critical Fortinet FortiSIEM flaw in attacksJanuary 16, 2026
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypassJanuary 2, 2026
Critical Fortinet flaws now exploited in Qilin ransomware attacksJune 6, 2025
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink ExploitApril 11, 2025
Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devicesApril 11, 2025