What We Do
How We Do
Get Started
Security advisories

FortiGate SSL VPN Vulnerability - CVE-2023-27997 & Volt Typhoon Update

June 13, 2023 | 2 MINS READ

Speak With A Security Expert Now



Fortinet has confirmed the existence of a critical zero-day vulnerability impacting Fortinet FortiGate SSL VPNs, tracked as CVE-2023-27997 (CVSS: 9.2). This is a pre-authentication Remote Code Execution vulnerability in FortiGate SSL VPNs including multiple versions of FortiOS-6K7K, FortiProxy, and FortiOS. Exploitation would allow a remote and unauthenticated threat actor to execute code on vulnerable devices. As the vulnerability is pre-authentication, attacks will bypass Multi-Factor Authentication (MFA).

In the same advisory, Fortinet also noted that the Volt Typhoon Campaign leveraged CVE-2022-40684 (CVSS: 9.6) for initial access. This is an authentication bypass vulnerability that impacts Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0. Exploitation would allow unauthenticated attackers to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Fortinet has confirmed that limited exploitation of CVE-2023-27997 occurred prior to patch release. Organizations are strongly recommended to review all potentially impacted devices and ensure they are up to date on security patches.

What we’re doing about it

What you should do about it

Additional information

As exploitation of CVE-2023-27997 has been confirmed in the wild, it is critical that organizations apply the relevant security patches as soon as possible to minimize the likelihood of exploitation. Security patches to address the vulnerability were released prior to vulnerability disclosure on June 9th. Alternative mitigations are not available for CVE-2023-27997.

Fortinet has not provided any additional details on real world attacks at this time for CVE-2023-27997. The eSentire Threat Intelligence team is actively tracking this topic and will perform threat hunts across the eSentire client base for CVE-2023-27997 as more details become available.

Fortinet disclosed an additional five vulnerabilities on June 12th. None of the other vulnerabilities are confirmed to be exploited in the wild. Organizations are recommended to patch for all vulnerabilities, as there is a high probability of exploitation in the future.

Security patches to address CVE-2022-40684 have been available since October 2022. Details of vulnerability exploitation and alternative mitigations are available in the official Fortinet advisory.

Impacted Fortinet Products for CVE-2023-27997:

Impacted Fortinet Products for CVE-2022-40684:

Additional Fortinet Vulnerabilities


[1] https://www.fortiguard.com/psirt/FG-IR-23-097
[2] https://nvd.nist.gov/vuln/detail/CVE-2023-27997
[3] https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
[4] https://nvd.nist.gov/vuln/detail/CVE-2022-40684
[5] https://www.fortinet.com/blog/psirt-blogs/analysis-of-cve-2023-27997-and-clarifications-on-volt-typhoon-campaign
[6] https://www.fortiguard.com/psirt/FG-IR-22-377

View Most Recent Advisories