Security News > 2021 > June > Vulnerabilities Expose Fortinet Firewalls to Remote Attacks
A high-severity vulnerability patched recently by Fortinet in its FortiWeb web application firewall can be exploited to execute arbitrary commands.
Rey Medov, a researcher at Russian enterprise cybersecurity firm Positive Technologies, discovered that the FortiWeb firewall - specifically its management interface - is affected by a vulnerability that can allow a remote, authenticated attacker to execute commands on the system via the SAML server configuration page.
The flaw, tracked as CVE-2021-22123, has been patched with the release of FortiWeb versions 6.3.8 and 6.2.4, Fortinet said in an advisory published in late May. Medov warned on Thursday that the vulnerability can be exploited by an authenticated attacker to execute arbitrary commands with maximum privileges, which can be used to take complete control of the server.
The researcher noted that the impact of the vulnerability can be even more serious if it's chained with a misconfiguration and a separate vulnerability he discovered recently in FortiWeb.
That vulnerability, tracked as CVE-2020-29015 and disclosed by Fortinet in January, is a medium-severity blind SQL injection issue that can allow a remote, unauthenticated attacker to execute SQL commands or queries by sending a specially crafted request.
The company said it will continue to responsibly disclose the vulnerabilities found by its employees in the products of major U.S. companies.
News URL
Related news
- 48,000+ internet-facing Fortinet firewalls still open to attack (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them? (source)
- Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) (source)
- Fortinet warns of new zero-day exploited to hijack firewalls (source)
- Fortinet discloses second firewall auth bypass patched in January (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-01 | CVE-2021-22123 | OS Command Injection vulnerability in Fortinet Fortiweb An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page. | 8.8 |
| 2021-01-14 | CVE-2020-29015 | SQL Injection vulnerability in Fortinet Fortiweb A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement. | 9.8 |