
CVE-2023-27997

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 13 June 2023
Modified: 24 October 2025
KEV Added: 13 June 2023
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9135 (99.7th percentile)
Risk Priority: 94 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-27997 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Fortinet FortiOS. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A heap-based buffer overflow vulnerability, tracked as CWE-122 and CWE-787, affects the SSL-VPN component of FortiOS versions 7.2.4 and below, 7.0.11 and below, 6.4.12 and below, and 6.0.16 and below, as well as FortiProxy versions 7.2.3 and below, 7.0.9 and below, 2.0.12 and below, and all versions of 1.2 and 1.1. The flaw permits remote attackers to supply specially crafted requests that trigger memory corruption, leading to arbitrary code or command execution. It carries a CVSS 3.1 base score of 9.8, reflecting network-accessible, unauthenticated attack vectors with high impact on confidentiality, integrity, and availability.

An unauthenticated remote attacker can target exposed SSL-VPN interfaces to achieve full code execution on affected Fortinet appliances without user interaction. Successful exploitation grants the attacker the ability to run arbitrary commands, potentially resulting in complete device compromise, lateral movement, or persistence within the target network.

Fortinet’s PSIRT advisory FG-IR-23-097 details the affected releases and remediation steps, while CISA’s Known Exploited Vulnerabilities catalog confirms active exploitation in the wild. The associated EPSS score has remained consistently high, with a current value of 0.9141 and a recorded peak of 0.9242, underscoring sustained attacker interest following disclosure.

EU & UK References

Vulnerability details

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

CWE(s): CWE-122 (Heap-based Buffer Overflow)
KEV Date Added: 13 June 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

fortinet / fortiproxy: 1.1.0 to 1.1.6 · 1.2.0 to 1.2.13 · 2.0.0 to 2.0.12
fortinet / fortios: 6.0.10, 6.2.4, 6.2.6, 6.2.7, 6.4.10 · 6.0.0 to 6.0.16 · 6.2.0 to 6.2.13 · 6.4.0 to 6.4.12

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly requires timely application of vendor patches (FG-IR-23-097) to eliminate the heap buffer overflow in the SSL-VPN component.

SI-10 Information Input Validation (prevent)

Enforces validation of all remote SSL-VPN requests, blocking the specifically crafted inputs that trigger the CWE-122/CWE-787 overflow.

Memory protection (prevent)

Requires memory-protection mechanisms (e.g., ASLR, NX) that raise the difficulty of reliable RCE exploitation of the SSL-VPN heap overflow.

References