M247 Security Alert – 13/06/2023 Fortinet FortiOS SSL VPN Vulnerability CVE-2023-27997 - Minor Issue
Dear M247 Customer
M247 have been made aware of and are currently investigating the SSL VPN Vulnerability in Forti-OS Published on 12/06/2023.
This CVE is a Critical Severity Vulnerability scoring 9.2 on the CVSS rating.
Fortinet suggest patching all affected devices to the latest version as soon as possible.
Affected Products:
Fortigate Firewalls and Devices on the following OS versions
FortiOS-6K7K version 7.0.10
FortiOS-6K7K version 7.0.5
FortiOS-6K7K version 6.4.12
FortiOS-6K7K version 6.4.10
FortiOS-6K7K version 6.4.8
FortiOS-6K7K version 6.4.6
FortiOS-6K7K version 6.4.2
FortiOS-6K7K version 6.2.9 through 6.2.13
FortiOS-6K7K version 6.2.6 through 6.2.7
FortiOS-6K7K version 6.2.4
FortiOS-6K7K version 6.0.12 through 6.0.16
FortiOS-6K7K version 6.0.10
FortiOS version 7.2.0 through 7.2.4
FortiOS version 7.0.0 through 7.0.11
FortiOS version 6.4.0 through 6.4.12
FortiOS version 6.2.0 through 6.2.13
FortiOS version 6.0.0 through 6.0.16
Solutions:
Please upgrade to FortiOS-6K7K version 7.0.12 or above
Please upgrade to FortiOS-6K7K version 6.4.13 or above
Please upgrade to FortiOS-6K7K version 6.2.15 or above
Please upgrade to FortiOS-6K7K version 6.0.17 or above
Please upgrade to FortiProxy version 7.2.4 or above
Please upgrade to FortiProxy version 7.0.10 or above
Please upgrade to FortiOS version 7.4.0 or above
Please upgrade to FortiOS version 7.2.5 or above
Please upgrade to FortiOS version 7.0.12 or above
Please upgrade to FortiOS version 6.4.13 or above
Please upgrade to FortiOS version 6.2.14 or above
Please upgrade to FortiOS version 6.0.17 or above
Affected Customers: This will affect Dedicated and Shared M247 Firewall Customers.
Further information around the vulnerability can be found at the following link: https://www.fortiguard.com/psirt/FG-IR-23-097
We want you to know that we take this issue very seriously. Please accept our sincere apologies for any inconvenience this may cause.
Our M247 Support Team will be in contact as soon as possible to remediate this matter.
If you have any queries, please contact M247 technical support team on 0161 822 2580.
Regards
M247 Support
Hi,
Huge apologies.
We are aware of an issue where affected customers have received multiple of the same email regarding these maintenance works.
We are investigating this issue internally to ensure this does not happen again in the future.
Regards
M247 Support
Hi,
Following an investigation into the duplicate email issue, we have also identified that some affected customers did not receive the initial email.
We have fixed the duplication issue, and are currently working on sending out the maintenance email again.
Apologies again for any inconvenience caused.
Regards
M247 Support