CVE-2023-27997
Description
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
Severity: CRITICAL
CVE ID: CVE-2023-27997
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
rio128128
POC FortiOS SSL-VPN buffer overflow vulnerability
Refrence: GitHub
BishopFox
Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing
Refrence: GitHub
imbas007
Refrence: GitHub
puckiestyle
Refrence: GitHub
TechinsightsPro
Search vulnerable FortiOS devices via Shodan (CVE-2023-27997)
Refrence: GitHub
Cyb3rEnthusiast
How to get access via CVE-2022-27997
Refrence: GitHub
lexfo
xortigate-cve-2023-27997
Refrence: GitHub
delsploit
Refrence: GitHub
awchjimmy
A short tutorial about how to find and verify FortiOS vulnerablility.
Refrence: GitHub