CVE-2023-27997: Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer

Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability. Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.

• CISA KEV-listed (remediation due 2023-07-04)
• used in ransomware campaigns
• EPSS 91.4% (99.7% percentile)

Detection rules

• Potential CVE-2023-27997 Exploitation Indicators medium

Browse the CVE database

Read the full analysis on IntelFusions