CVE-2023-27997
Published: 13 June 2023
Summary
CVE-2023-27997 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Fortinet FortiOS. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A heap-based buffer overflow vulnerability, tracked as CWE-122 and CWE-787, affects the SSL-VPN component of FortiOS versions 7.2.4 and below, 7.0.11 and below, 6.4.12 and below, and 6.0.16 and below, as well as FortiProxy versions 7.2.3 and below, 7.0.9 and below, 2.0.12 and below, and all versions of 1.2 and 1.1. The flaw permits remote attackers to supply specially crafted requests that trigger memory corruption, leading to arbitrary code or command execution. It carries a CVSS 3.1 base score of 9.8, reflecting network-accessible, unauthenticated attack vectors with high impact on confidentiality, integrity, and availability.
An unauthenticated remote attacker can target exposed SSL-VPN interfaces to achieve full code execution on affected Fortinet appliances without user interaction. Successful exploitation grants the attacker the ability to run arbitrary commands, potentially resulting in complete device compromise, lateral movement, or persistence within the target network.
Fortinet’s PSIRT advisory FG-IR-23-097 details the affected releases and remediation steps, while CISA’s Known Exploited Vulnerabilities catalog confirms active exploitation in the wild. The associated EPSS score has remained consistently high, with a current value of 0.9141 and a recorded peak of 0.9242, underscoring sustained attacker interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-31722
Vulnerability details
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
- CWE(s): CWE-122, CWE-787
- KEV Date Added: 13 June 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely application of vendor patches (FG-IR-23-097) to eliminate the heap buffer overflow in the SSL-VPN component.
- SI-10 (Information Input Validation): enforces validation of all remote SSL-VPN requests, blocking the specifically crafted inputs that trigger the CWE-122/CWE-787 overflow.
- SI-16 (Memory Protection): requires memory-protection mechanisms (e.g., ASLR, NX) that raise the difficulty of reliable RCE exploitation of the SSL-VPN heap overflow.
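Added example (not from this page, Fortinet, or FG-IR-23-097): a Python check that classifies a device inventory against the affected-release ranges listed above, as a starting point for the flaw-remediation (SI-2) work. It assumes version strings are either bare x.y.z or a `get system status` line; the inventory, hostnames and versions are constructed, and any branch this page does not list is reported as "not listed", not as safe.

```python
import re

# Affected ranges exactly as this page lists them, keyed by (product, major.minor branch).
# The value is the highest affected patch level; None means every release of that branch.
AFFECTED = {
    ("FortiOS", (7, 2)): 4,
    ("FortiOS", (7, 0)): 11,
    ("FortiOS", (6, 4)): 12,
    ("FortiOS", (6, 0)): 16,
    ("FortiProxy", (7, 2)): 3,
    ("FortiProxy", (7, 0)): 9,
    ("FortiProxy", (2, 0)): 12,
    ("FortiProxy", (1, 2)): None,
    ("FortiProxy", (1, 1)): None,
}

def parse_version(text: str) -> tuple[int, int, int]:
    """Pull (major, minor, patch) from a bare version or a 'get system status' line."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in match.groups())
    return major, minor, patch

def assess(product: str, version: str) -> str:
    """Classify one device as 'affected', 'fixed', or 'not listed'.
    'not listed' means the branch is absent from this page's ranges; it does NOT mean
    the release is safe, so confirm against the vendor advisory FG-IR-23-097."""
    major, minor, patch = parse_version(version)
    key = (product, (major, minor))
    if key not in AFFECTED:
        return "not listed"
    ceiling = AFFECTED[key]
    if ceiling is None or patch <= ceiling:
        return "affected"
    return "fixed"

def triage(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str]]:
    """Map (hostname, product, version) records to (hostname, status), affected first."""
    results = [(host, assess(product, ver)) for host, product, ver in inventory]
    order = {"affected": 0, "not listed": 1, "fixed": 2}
    return sorted(results, key=lambda r: order[r[1]])

# Constructed sample inventory: hostnames and versions are illustrative, not real devices.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "Version: FortiGate-60F v7.0.11,build0489,230314 (GA.F)"),
    ("fw-edge-02", "FortiOS", "v7.2.5"),
    ("proxy-dmz-01", "FortiProxy", "1.2.13"),
    ("fw-lab-01", "FortiOS", "7.4.0"),
]
```

Run `triage(SAMPLE_INVENTORY)` to get the affected devices at the head of the list; feed it your real inventory export in the same (hostname, product, version) shape.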