Security News > 2021 > January > Vulnerabilities in Fortinet WAF Can Expose Corporate Networks to Attacks
Several potentially serious vulnerabilities discovered in Fortinet's FortiWeb web application firewall could expose corporate networks to attacks, according to the researcher who found them.
Fortinet this week informed customers about the availability of patches for a total of four vulnerabilities affecting its FortiWeb product.
Fortinet only assigned them a CVSS score of 6.4 and a risk rating of 3/5. Andrey Medov, lead security researcher at Positive Technologies, who discovered the vulnerabilities, told SecurityWeek that he does not agree with Fortinet's assessment.
The vulnerabilities were discovered in the FortiWeb administration interface.
"If the admin panel is accessed from outside an enterprise, the attacker can exploit the vulnerabilities and further develop attacks on the corporate network," Medov explained.
It's important that users install the available patches as soon as possible considering that threat actors, including ones associated with nation states, have been known to exploit vulnerabilities in Fortinet products.