CVE-2023-27997

critical

Description

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

From the Tenable Blog

CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)

CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)

Published: 2023-06-13

Fortinet says a critical flaw in its SSL-VPN product may have been exploited in the wild in a limited number of cases. Organizations are strongly encouraged to apply these patches immediately.

References

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-fortiweb-zero-day-exploited-in-attacks/

https://www.cybereason.com/blog/ttp-briefing-q3-2025

https://www.infosecurity-magazine.com/news/automation-vulnerability/

https://www.bleepingcomputer.com/news/security/critical-fortinet-flaws-now-exploited-in-qilin-ransomware-attacks/

https://www.securityweek.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit/

https://www.darkreading.com/vulnerabilities-threats/fortinet-zero-day-arbitrary-code-execution

https://www.cisa.gov/news-events/alerts/2025/04/11/fortinet-releases-advisory-new-post-exploitation-technique-known-vulnerabilities

https://www.bleepingcomputer.com/news/security/fortinet-hackers-retain-access-to-patched-fortigate-vpns-using-symlinks/

https://thehackernews.com/2025/04/fortinet-warns-attackers-retain.html

https://www.security.com/threat-intelligence/ransomware-trends-2025

https://thehackernews.com/2024/11/cisa-urges-agencies-to-patch-critical.html

https://www.securityweek.com/citrix-cisco-fortinet-zero-days-among-2023s-most-exploited-vulnerabilities/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-fortimanager-flaw-used-in-zero-day-attacks/

https://www.cybereason.com/blog/cuckoo-spear-analyzing-noopdoor

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a

https://www.tenable.com/blog/cve-2025-64446-fortinet-fortiweb-zero-day-path-traversal-vulnerability-exploited-in-the-wild

https://www.tenable.com/blog/cve-2025-25256-proof-of-concept-released-for-critical-fortinet-fortisiem-command-injection

https://www.tenable.com/blog/cve-2025-32756-zero-day-vulnerability-in-multiple-fortinet-products-exploited-in-the-wild

https://www.tenable.com/blog/cve-2024-55591-fortinet-authentication-bypass-zero-day-vulnerability-exploited-in-the-wild

https://www.tenable.com/blog/cve-2023-48788-critical-fortinet-forticlientems-sql-injection-vulnerability

https://www.tenable.com/blog/cve-2024-21762-critical-fortinet-fortios-out-of-bound-write-ssl-vpn-vulnerability

https://www.tenable.com/blog/cve-2023-27997-heap-based-buffer-overflow-in-fortinet-fortios-and-fortiproxy-ssl-vpn-xortigate

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27997

https://fortiguard.com/psirt/FG-IR-23-097

Details

Source: Mitre, NVD

Published: 2023-06-13

Updated: 2025-10-24

Named Vulnerability: XORtigateKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.89916