A test by cybersecurity firm Bishop Fox found that there are too many systems with a known vulnerability still unpatched.
Researchers at cybersecurity firm Bishop Fox have found that more than three hundred thousand servers worldwide are at risk because a known vulnerability has still not been fixed.
What is the problem
The vulnerability in question, CVE-2023-27997, was discovered last month. It was reported to Fortinet, and the company has since released a patch.
That patch, however, has still not been installed by many admins and IT teams. Bishop Fox found that up to 69 percent of systems affected by this vulnerability are still at risk. The company used the Shodan search engine to gather enough data to draw this conclusion. The researchers even found FortiOS systems still in active use that are eight years old.
This is a test
Bishop Fox did more than just collect numbers: to back up its warning, the company developed an exploit that takes advantage of this vulnerability.
The exploit abuses the heap (a region of program memory) to make the device connect to a server controlled by the attackers. The attackers then download a BusyBox binary to the device and open an interactive shell. According to Bishop Fox, the whole process takes barely a second.
What now
This proves once again how important it is to install updates and patches as soon as they are needed and available. Fortinet's PSIRT advisory has been available for some time, but teams and admins still have to act on it. Bishop Fox therefore calls for this to be done as soon as possible. The next attack may not be a test.
Fortinet's firewalls have also recently been added to the company's flexible licensing program.