Researchers find high-severity command injection vuln in Fortinet's web app firewall
A command injection vulnerability exists in Fortinet's management interface for its FortiWeb web app firewall, according to infosec firm Rapid7.
An authenticated attacker can use the vuln to execute commands as root on the FortiWeb device, Rapid7 said in a blog post.
Bleeping Computer reported some mild controversy about the timing of the disclosure; Rapid7 alleged it had been left hanging for a month by Fortinet after reporting the vuln, while Fortinet claimed Rapid7 had breached Fortinet's own vuln reporting guidelines by disclosing it within 90 days.
In 2019, The Register revealed that a series of Huawei routers used for years in the UK were vulnerable to command injection attacks using backticks in a similar fashion.
Back in 2013, Sophos had to patch a similar web firewall appliance after researchers identified that a function in a Perl script failed to fully escape a script argument before executing it, meaning backticks could be used to insert extra commands.
In July, Fortinet disclosed a remote code execution vuln in some of its software products that it patched.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/08/18/fortinet_fortiweb_flaw/