Security News > 2021 > January > Vulnerabilities in Fortinet WAF Can Expose Corporate Networks to Attacks

Vulnerabilities in Fortinet WAF Can Expose Corporate Networks to Attacks
2021-01-07 13:01

Several potentially serious vulnerabilities discovered in Fortinet's FortiWeb web application firewall could expose corporate networks to attacks, according to the researcher who found them.

Fortinet this week informed customers about the availability of patches for a total of four vulnerabilities affecting its FortiWeb product.

Fortinet only assigned them a CVSS score of 6.4 and a risk rating of 3/5. Andrey Medov, lead security researcher at Positive Technologies, who discovered the vulnerabilities, told SecurityWeek that he does not agree with Fortinet's assessment.

The vulnerabilities were discovered in the FortiWeb administration interface.

"If the admin panel is accessed from outside an enterprise, the attacker can exploit the vulnerabilities and further develop attacks on the corporate network," Medov explained.

It's important that users install the available patches as soon as possible considering that threat actors, including ones associated with nation states, have been known to exploit vulnerabilities in Fortinet products.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/sodeldZYQXE/vulnerabilities-fortinet-waf-can-expose-corporate-networks-attacks

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 76 15 312 265 80 672