Researchers say that nearly 336,000 devices exposed to the Internet remain vulnerable to a critical vulnerability in firewalls sold by Fortinet because admins have yet to install patches the company released three weeks ago. CVE-2023-27997 is a remote code execution in Fortigate VPNs, which are included in the company’s firewalls.

Source: Technology Lab – Ars Technica