Background / What has happened?
A Remote Code Execution vulnerability (CVE-2023-27997) has been identified in multiple versions of Fortinet Fortigate devices when SSL-VPN enabled.
Fortigate is a widely used type of Next-Generation Firewall device.
Exploitation of this vulnerability could allow a malicious actor to gain remote code execution rights on the affected system, and perform unauthorised actions.
The ACSC is not aware of successful exploitation attempts against Australian organisations.
Affected Australian organisations should apply the available patches immediately, and investigate for signs of compromise.
Mitigation / How do I stay secure?
Australian organisations that use Fortigate devices should review their patch status and update to the latest version.
Security fixes were included in FortiOS firmware versions released on Friday, 9 June 2023. Fixed versions of FortiOS are:
Assistance / Where can I go for help?
The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).