Unpatched Fortinet Bug Allows Firewall Takeovers
2021-08-18 12:07

The OS command-injection bug, in the web application firewall platform known as FortiWeb, will get a patch at the end of the month.

An unpatched OS command-injection security vulnerability has been disclosed in Fortinet's web application firewall platform, known as FortiWeb.

The firewall has been to keep up with the deployment of new or updated features, or the addition of new web APIs, according to Fortinet.

The bug exists in FortiWeb's management interface, and carries a CVSSv3 base score of 8.7 out of 10, making it high-severity.

Fortinet plans to release a fix for the problem with FortiWeb 6.4.1, which will be released at the end of August, it said.

In April, the FBI and the Cybersecurity and Infrastructure Security Agency warned that various advanced persistent threats were actively exploiting three security vulnerabilities in the Fortinet SSL VPN for espionage.


News URL

https://threatpost.com/unpatched-fortinet-bug-firewall-takeovers/168764/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 76 15 312 265 80 672