Unpatched Fortinet Bug Allows Firewall Takeovers (Security News, August 2021)
The OS command-injection bug, in the web application firewall platform known as FortiWeb, will get a patch at the end of the month.
An unpatched OS command-injection security vulnerability has been disclosed in Fortinet's web application firewall platform, known as FortiWeb.
The firewall has been designed to keep up with the deployment of new or updated features, or the addition of new web APIs, according to Fortinet.
The bug exists in FortiWeb's management interface, and carries a CVSSv3 base score of 8.7 out of 10, making it high-severity.
Fortinet plans to release a fix for the problem with FortiWeb 6.4.1, which will be released at the end of August, it said.
In April, the FBI and the Cybersecurity and Infrastructure Security Agency warned that various advanced persistent threats were actively exploiting three security vulnerabilities in the Fortinet SSL VPN for espionage.
News URL
https://threatpost.com/unpatched-fortinet-bug-firewall-takeovers/168764/
Related news
- Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces
- Fortinet warns of auth bypass zero-day exploited to hijack firewalls
- Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?
- Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day
- 48,000+ internet-facing Fortinet firewalls still open to attack
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams