Security company Fortinet has released firmware updates for Fortiware due to an RCE vulnerability in its SSL VPNs.

Because of one Remote Code ExecutionVulnerability in a number of Fortiware SSL VPNs, cybersecurity company Fortinet released patches in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12 and 7.2.5.

We know that

The exact vulnerability is not yet known. It would be one that would allow attackers to break into a VPN, even with that Multi-Factor Authentication allows. Fortinet is expected to release more details tomorrow.

Security Specialist Charles Fol confirmed that the latest FortiOS update patched a critical RCE vulnerability (CVE-2023-27997) that he and a colleague discovered. Fol emphasized that users should consider this a very urgent patch. Administrators must therefore apply the update as soon as it becomes available.

A warned person

Fortinet is known to launch patches before a notification is sent out. This allows users to push through the updates before hackers have a chance to reverse engineer the patches.

Fortinet recently introduced its latest energy-efficient firewall for data centers, and the company has significantly expanded its product portfolio. Automation was one of the keywords.