Businesses slow to patch critical Fortinet Fortigate vulnerability


Researchers report that a large share of businesses have been slow to patch their Fortigate firewalls against a critical vulnerability in FortiOS, the operating system that runs the devices, underscoring how hard it is to address flaws in the security appliances an organisation depends on most.

According to researchers at offensive security firm Bishop Fox, 69 per cent of internet-exposed Fortigate firewalls remain unpatched against the critical FortiOS vulnerability tracked as CVE-2023-27997, weeks after fixes became available.

That amounts to roughly 336,000 Fortigate devices believed to be susceptible to the vulnerability, a flaw in the devices' SSL-VPN component that an unauthenticated attacker can exploit to remotely execute code, according to the post from Bishop Fox researchers.

A remote code execution (RCE) flaw impacting a key security appliance such as a firewall is “about as bad as it can get,” said Andrew Barratt, vice president at cybersecurity services firm Coalfire.

“When a vulnerability in that very device makes it also the entry point for an intruder, typically they’re going to have very broad, far-reaching access to other network segments, if not the whole environment,” Barratt said.

The significant number of unpatched firewalls, at this stage, is likely the result of businesses’ inability to take the appliances offline for deployment and testing of the patches, he said.

Fortinet released patches for the issue on June 9, and disclosed on June 12 that the vulnerability “may have been exploited.”

CRN has reached out to Fortinet for comment.

The vulnerability carries a CVSS severity score of 9.8 out of 10.0, placing it in the critical range.

The fixes are available in FortiOS 7.2.5, 7.0.12, 6.4.13, 6.2.14 and 6.0.17, and in later releases on each of those branches.
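As an added example (not code from the article, Fortinet or Bishop Fox), the following Python script applies the fix list above to an inventory of FortiOS version strings, the kind of check an administrator would run to see how their own estate compares with the 69 per cent figure. The hostnames, build numbers and the inventory itself are constructed for the example; the branch table is taken from the versions listed above, and any branch absent from that table is flagged for manual review against the vendor advisory rather than assumed safe or vulnerable (an assumption of this example, not a statement from the page).

```python
"""Flag FortiOS builds still below the CVE-2023-27997 fix releases.

Added example for illustration; not Fortinet's or Bishop Fox's tooling.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Minimum fixed release per branch, from the fix list above
# (7.2.5, 7.0.12, 6.4.13, 6.2.14, 6.0.17). Branches not present here are
# reported as "not-in-fix-list" for manual review: assumption of this example.
FIXED_MIN: Dict[Tuple[int, int], Version] = {
    (7, 2): (7, 2, 5),
    (7, 0): (7, 0, 12),
    (6, 4): (6, 4, 13),
    (6, 2): (6, 2, 14),
    (6, 0): (6, 0, 17),
}

# Accepts "7.0.11", "v7.0.11" and "v7.0.11,build0001"; only the dotted
# triple is used, the build suffix is ignored.
_VER_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) as ints, or None if unparseable."""
    m = _VER_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def status(version: str) -> str:
    """Classify one version string.

    'patched'          -> at or above the branch's fixed release
    'unpatched'        -> below the branch's fixed release
    'not-in-fix-list'  -> branch not covered by the fix list; check advisory
    'unknown'          -> version string could not be parsed
    """
    v = parse_version(version)
    if v is None:
        return "unknown"
    fixed = FIXED_MIN.get((v[0], v[1]))
    if fixed is None:
        return "not-in-fix-list"
    # Tuple comparison is numeric, so 7.2.10 correctly sorts above 7.2.5;
    # a plain string comparison would get that wrong.
    return "patched" if v >= fixed else "unpatched"


def summarize(inventory: List[Tuple[str, str]]) -> Tuple[Dict[str, int], float]:
    """Count each status and return the unpatched share (percent) among
    devices whose branch is in the fix list."""
    counts = {"patched": 0, "unpatched": 0, "not-in-fix-list": 0, "unknown": 0}
    for _host, ver in inventory:
        counts[status(ver)] += 1
    decided = counts["patched"] + counts["unpatched"]
    pct_unpatched = 100.0 * counts["unpatched"] / decided if decided else 0.0
    return counts, pct_unpatched


# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("fw-hq-1", "v7.2.5,build0001"),
    ("fw-hq-2", "v7.2.4,build0001"),
    ("fw-branch-1", "v7.0.11,build0001"),
    ("fw-branch-2", "v7.0.12,build0001"),
    ("fw-dc-1", "v6.4.12,build0001"),
    ("fw-lab", "v5.6.14,build0001"),
    ("fw-old", "unknown-firmware"),
]

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY:
        print(f"{host:12} {ver:22} {status(ver)}")
    counts, pct = summarize(SAMPLE_INVENTORY)
    print(counts, f"{pct:.1f}% of fix-listed devices unpatched")
```

The version check is necessary but not sufficient: a device on a fixed build is patched, while an unpatched one is exploitable only if its SSL-VPN interface is reachable by the attacker, so exposure data belongs alongside this inventory before prioritising.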

This article originally appeared at crn.com

Copyright © 2018 The Channel Company, LLC. All rights reserved.
Tags: fortigate, fortinet, security
