News Summary

• Bishop Fox said that some of the vulnerable machines appeared to be running Fortigate software that hadn’t been updated since 2015.“Wow—looks like there’s a handful of devices running 8-year-old FortiOS on the Internet,” Caleb Gross, director of capability development at Bishop Fox, wrote in Friday’s post.
• “I wouldn’t touch those with a 10-foot pole.”Gross reported that Bishop Fox has developed an exploit to test customer devices.The screen capture above shows the proof-of-concept exploit corrupting the heap, a protected area of computer memory that’s reserved for running applications.
• Fortinet released updates silently patching the flaw on June 8 and disclosed it four days later in an advisory that said it may have been exploited in targeted attacks.
• The corruption injects malicious code that connects to an attacker-controlled server, downloads the BusyBox utility for Unix-like operating systems, and opens an interactive shell that allows commands to be remotely issued by the vulnerable machine.
• The speed is an improvement over a PoC Lexfo released on June 13.So far, there are few details about the active exploits of CVE-2023-27997 that Fortinet said may be underway.
• Volt Typhoon, the tracking name for a Chinese-speaking threat group, has actively exploited CVE-2023-40684, a separate Fortigate vulnerability of similar high severity.