Fortinet Patches Critical Flaw in FortiOS SSL-VPN

Fortinet has released a patch for a severe, zero-day memory corruption vulnerability in its FortiOS SSL-VPN. The heap-based buffer overflow flaw can be exploited to allow remote unauthenticated attackers to execute commands and launch code on vulnerable systems.

Note

• Perimeter security devices remain a popular target for attackers. Our sensors still see older FortiOS exploits used frequently. This vulnerability was patched as part of a recent FortiOS update, but not made public until now.
• The workaround is to disable the SSL-VPN, which isn’t really viable if the mission of the device is to deliver your SSL-VPN. The fix is to update to the current version of FortiOS product. Incorporate the IOCs in the Fortiguard in your threat hunting, verify your device has not been compromised.
• It seems that the last year or two has been the year in which many SSL VPNs have seen their systems explored. Fortinet seems to currently be the target of many of the exploit developers. This could be because of their market presence outside of the US and globally, or it could just be that there was already a lot of research that has led exploit developers to see other vectors in the same system. Maintain patches where you can, and if you’re using a different firewall product, I suspect that there will be other manufacturers that eventually will get the same treatment. No one is immune to software bugs. Stay on top of this and patch where you can, prioritizing SSL VPNs first.
• Since the start of the pandemic, we have seen attackers focus on these types of edge devices. Have an inventory of what you have and ensure you patch consistently upon release.

Read more in

• FortiOS – heap-based buffer overflow in sslvpnd
• Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw
• Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks