On Monday, Fortinet said that a recently patched serious vulnerability affecting FortiOS and FortiProxy may have been exploited in a limited number of cases in attacks against the manufacturing, critical infrastructure, and government sectors.
The issue, known as XORtigate and tracked as CVE-2023-27997 (CVSS score: 9.2), is a heap-based buffer overflow in FortiOS and FortiProxy SSL-VPN that could allow a remote attacker to execute arbitrary code or commands through specially crafted requests.