https://www.theregister.com/2023/07/03/338000_fortinet_firewalls_vulnerability/
Patches

You've patched, right? '340K+ Fortinet firewalls' wide open to critical security bug

That's a vulnerability that's under attack, fix available ... cancel those July 4th plans, perhaps?

Jessica Lyons Hardcastle
Mon 3 Jul 2023 // 23:17 UTC

More than 338,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical bug Fortinet fixed last month that's being exploited in the wild.

This is according to infosec outfit Bishop Fox, which has developed an example exploit for achieving remote code execution via the hole. Successful exploitation of the pre-authentication vulnerability can allow an intruder to take over the network equipment. Bishop Fox warned: "You should patch yours now."

Fortinet did not respond to The Register's inquiries about how many products remain unpatched.

The bug – rated 9.8 out of 10 in terms of CVSS severity – is a heap-based buffer overflow vulnerability, and affects FortiOS and FortiProxy devices with SSL-VPN enabled.

Fortinet disclosed the flaw last month and noted that the issue, which it tracks as FG-IR-23-097, "may have been exploited in a limited number of cases and we are working closely with customers to monitor the situation." Versions 7.2.5, 7.0.12, 6.4.13, and 6.2.15 of the firmware will patch the hole.

But despite the vendor's updates and advice that customers "take immediate action," it appears that hundreds of thousands of boxen have been neglected.

On Friday, Bishop Fox said its searches revealed nearly 490,000 Fortinet SSL-VPN interfaces exposed on the internet, and about 69 percent (338,100) of these remain unpatched. To come up with this figure, the researchers used Shodan.io to search for servers whose HTTP responses indicated the equipment was not up to date.

On a side note, the research team also found "a handful of devices" still running eight-year-old FortiOS on the public internet. As Caleb Gross, director of capability development at Bishop Fox, wrote: "I wouldn't touch those with a 10-foot pole."

The team shared a screen capture of their exploit for CVE-2023-27997 in action, which Gross said "smashes the heap, connects back to an attacker-controlled server, downloads a BusyBox binary, and opens an interactive shell."

The bug was spotted and privately disclosed to Fortigate by Charles Fol and Dany Bach at French security firm Lexfo. Patches were issued on June 8, and Lexfo detailed the flaw and the exploit process on June 13.

For its exploit, however, the Bishop Fox team said they added a few extra steps and achieved a "significantly faster" exploit than Lexfo's, which targeted an Intel x64 device. Bishop Fox's attack takes about a second.