Security News > 2021 > January > Vulnerabilities in Fortinet WAF Can Expose Corporate Networks to Attacks
Several potentially serious vulnerabilities discovered in Fortinet's FortiWeb web application firewall could expose corporate networks to attacks, according to the researcher who found them.
Fortinet this week informed customers about the availability of patches for a total of four vulnerabilities affecting its FortiWeb product.
Fortinet only assigned them a CVSS score of 6.4 and a risk rating of 3/5. Andrey Medov, lead security researcher at Positive Technologies, who discovered the vulnerabilities, told SecurityWeek that he does not agree with Fortinet's assessment.
The vulnerabilities were discovered in the FortiWeb administration interface.
"If the admin panel is accessed from outside an enterprise, the attacker can exploit the vulnerabilities and further develop attacks on the corporate network," Medov explained.
It's important that users install the available patches as soon as possible considering that threat actors, including ones associated with nation states, have been known to exploit vulnerabilities in Fortinet products.
News URL
Related news
- Old Fortinet flaws under attack with new method its patch didn't prevent (source)
- Airplay-enabled devices open to attack via “AirBorne” vulnerabilities (source)
- Fortinet fixes critical zero-day exploited in FortiVoice attacks (source)
- Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks (source)
- Critical Fortinet flaws now exploited in Qilin ransomware attacks (source)