Security News > 2021 > January > Vulnerabilities in Fortinet WAF Can Expose Corporate Networks to Attacks
Several potentially serious vulnerabilities discovered in Fortinet's FortiWeb web application firewall could expose corporate networks to attacks, according to the researcher who found them.
Fortinet this week informed customers about the availability of patches for a total of four vulnerabilities affecting its FortiWeb product.
Fortinet only assigned them a CVSS score of 6.4 and a risk rating of 3/5. Andrey Medov, lead security researcher at Positive Technologies, who discovered the vulnerabilities, told SecurityWeek that he does not agree with Fortinet's assessment.
The vulnerabilities were discovered in the FortiWeb administration interface.
"If the admin panel is accessed from outside an enterprise, the attacker can exploit the vulnerabilities and further develop attacks on the corporate network," Medov explained.
It's important that users install the available patches as soon as possible considering that threat actors, including ones associated with nation states, have been known to exploit vulnerabilities in Fortinet products.
News URL
Related news
- CUPS vulnerabilities could be abused for DDoS attacks (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) (source)
- Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
- Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- Fortinet VPN design flaw hides successful brute-force attacks (source)