Thursday, May 1, 2025
HomeCVE/vulnerabilityUnpatched Fortinet Bug Would Allow Remote Attackers To Execute Arbitrary Commands

Unpatched Fortinet Bug Would Allow Remote Attackers To Execute Arbitrary Commands

Published on

SIEM as a Service

Follow Us on Google News

A 0-day command injection vulnerability was found in Fortinet FortiWeb (WAF), and the security report claimed that Fortinet will soon release a fix for this vulnerability.

This vulnerability was initially detected by the cybersecurity researchers of Rapid7 it enables an authenticated attacker to administer arbitrary commands as root by the SAML server configuration page.

Not only this but they also reported that the threat actor could use it to obtain full control of the vulnerable device with the most formidable possible opportunities. 

- Advertisement - Google News

However, this vulnerability has been detected on Fortinet’s web application firewall (WAF) platform, acknowledged as FortiWeb. 

FortiWeb is a cybersecurity protection platform, its main motive is to protect business-critical web applications from attacks that generally target associated and undiscovered vulnerabilities.

Flaw profile

  • CVE ID: CVE-2020-29015
  • Summary: It is a blind SQL injection flaw in the UI of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4. By exploiting this security flaw an unauthenticated threat actor can execute arbitrary SQL queries or commands remotely.
  • IR Number: FG-IR-20-124
  • Date: Jan 04, 2021
  • Risk: 3 out of 5     
  • CVSSv3 Score: 6.4
  • Impact: Execute unauthorized code or commands

Fortinet is popular for exploit

Fortinet’s cybersecurity commodities are quite famous as exploitation streets along with cyber attackers. Even it also includes nation-state actors, therefore the experts suggested that every user must plan to patch it as soon as possible.

After detecting this vulnerability, the FBI along with the Cybersecurity and Infrastructure Security Agency (CISA) informed several advanced determined threats (APTs) were currently exploiting three security vulnerabilities in the Fortinet SSL VPN for espionage.

Moreover, the experts pronounced that the exploits for CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812 were being used to obtain space within networks before implementing their planned operation.

Disclosure Timeline

After a proper investigation, the security analysts have mentioned a full list of disclosure timelines that they have made, and here we have mentioned below:-

  • June, 2021: Issue identified and confirmed by William Vu of Rapid7
  • Thu, Jun 10, 2021: Initial exposure to the vendor through their PSIRT Contact Form
  • Fri, Jun 11, 2021: Recognized by the vendor (ticket 132097)
  • Wed, Aug 11, 2021: Follow up with the vendor
  • Tue, Aug 17, 2021: Public exposure through this post
  • Tue, Aug 17, 2021: The vendor meant that Fortiweb 6.4.1 is expected to add a fix, and will be published at the end of August

Remediation

Apart from this, the cybersecurity researchers have suggested some remediation, until Fortinet is not releasing the patch for the vulnerability. Initially, users must disable the FortiWeb device’s management interface from suspicious networks, which also include the internet.

Not only this but FortiWeb should not get reveal directly to the internet, as it should be reachable only through trusted internal networks, or it can be reached over a secure VPN connection.

While the security authorities of Rapid7 requested every user to follow the recommendation, until and unless a security patch is not being disclosed by Fortinet.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...

Researchers Reveal Threat Actor TTP Patterns and DNS Abuse in Investment Scams

Cybersecurity researchers have uncovered the intricate tactics, techniques, and procedures (TTPs) employed by threat...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...