Unpatched Fortinet Bug Allows Firewall Takeovers

2021-08-18 12:07

The OS command-injection bug, in the web application firewall platform known as FortiWeb, will get a patch at the end of the month.

An unpatched OS command-injection security vulnerability has been disclosed in Fortinet's web application firewall platform, known as FortiWeb.

The firewall has been to keep up with the deployment of new or updated features, or the addition of new web APIs, according to Fortinet.

The bug exists in FortiWeb's management interface, and carries a CVSSv3 base score of 8.7 out of 10, making it high-severity.

Fortinet plans to release a fix for the problem with FortiWeb 6.4.1, which will be released at the end of August, it said.

In April, the FBI and the Cybersecurity and Infrastructure Security Agency warned that various advanced persistent threats were actively exploiting three security vulnerabilities in the Fortinet SSL VPN for espionage.

News URL

https://threatpost.com/unpatched-fortinet-bug-firewall-takeovers/168764/

#firewall #fortinet #takeover

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Fortinet		164	56	387	164	77	684