Vulnerability Analysis
FortiGate CVE-2023-27997: Critical Heap Overflow in SSL VPN
A pre-authentication heap overflow in FortiOS SSL VPN allowed remote code execution on hundreds of thousands of internet-facing firewalls.
Jun 12, 2023 · 6 min read
CVE-2023-25610 allowed unauthenticated RCE on FortiOS and FortiProxy through a buffer underwrite vulnerability. Another critical flaw in perimeter security appliances.