PureCyber

Critical Remote Code Execution Vulnerability in Fortinet FortiGate Firewalls

A critical Remote Code Execution (RCE) security vulnerability in Fortinet FortiGate Firewalls has been discovered by a security researcher at Lexfo Security. The flaw, identified as CVE-2023-27997, can be exploited prior to authentication on any SSL VPN appliance. Detailed information about this security issue is currently being withheld, and Fortinet has not yet released an official advisory.

However, Fortinet has issued patches to address this critical security flaw in its FortiGate firewalls.

Exploitation of this flaw could allow an unauthorized individual to achieve remote code execution by manipulating the VPN, even if multi-factor authentication (MFA) is enabled.

To mitigate potential risks, it is strongly advised that users promptly apply the available patches.

https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-rce-flaw-in-fortigate-ssl-vpn-devices-patch-now/