Content written for

Small & medium business
Large organisations & infrastructure

Background / What has happened?

A Remote Code Execution vulnerability (CVE-2023-27997) has been identified in multiple versions of Fortinet Fortigate devices when SSL-VPN enabled.

Fortigate is a widely used type of Next-Generation Firewall device.

Exploiting a URL parameter in FortiOS SSL-VPN may lead to a heap-based buffer overflow that allows execution of arbitrary code. The vulnerability affects requests in the SSL-VPN pre-authentication phase.

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is not aware of successful exploitation attempts against Australian organisations.

Affected Australian organisations should apply the available patches immediately, and investigate for signs of compromise.

Mitigation / How do I stay secure?

Australian organisations that use Fortigate devices should review their patch status and update to the latest version.

Affected Products

At least:

  • 7.2.0 through 7.2.4
  • 7.0.0 through 7.0.11
  • 6.4.0 through 6.4.12
  • 6.2.0 through 6.2.13
  • 6.0.0 through 6.0.16


  • Please upgrade to FortiOS version 7.4.0 or above
  • Please upgrade to FortiOS version 7.2.5 or above
  • Please upgrade to FortiOS version 7.0.12 or above
  • Please upgrade to FortiOS version 6.4.13 or above
  • Please upgrade to FortiOS version 6.2.14 or above
  • Please upgrade to FortiOS version 6.0.17 or above


Disable SSL-VPN for products using the affected FortiOS versions.

For further information, please view the Fortinet blog post regarding this vulnerability.

Assistance / Where can I go for help?

The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).

Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it