The heap-based buffer overflow issue in FortiOS, the operating system that connects all Fortinet networking components to integrate them in the vendor’s Security Fabric platform, has resulted in a remote code execution vulnerability with a severity level of 9.8 out of 10.
With the SSL VPN interface exposed on the internet, CVE-2023-27997 is exploitable and enables an unauthenticated attacker to remotely execute code on susceptible devices. The vendor expressed concern that the problem might have been used in attacks in an alert published in mid-June.