Saturday, February 15, 2025
HomeCVE/vulnerabilityUnpatched Fortinet Bug Would Allow Remote Attackers To Execute Arbitrary Commands

Unpatched Fortinet Bug Would Allow Remote Attackers To Execute Arbitrary Commands

Published on

SIEM as a Service

Follow Us on Google News

A 0-day command injection vulnerability was found in Fortinet FortiWeb (WAF), and the security report claimed that Fortinet will soon release a fix for this vulnerability.

This vulnerability was initially detected by the cybersecurity researchers of Rapid7 it enables an authenticated attacker to administer arbitrary commands as root by the SAML server configuration page.

Not only this but they also reported that the threat actor could use it to obtain full control of the vulnerable device with the most formidable possible opportunities. 

However, this vulnerability has been detected on Fortinet’s web application firewall (WAF) platform, acknowledged as FortiWeb. 

FortiWeb is a cybersecurity protection platform, its main motive is to protect business-critical web applications from attacks that generally target associated and undiscovered vulnerabilities.

Flaw profile

  • CVE ID: CVE-2020-29015
  • Summary: It is a blind SQL injection flaw in the UI of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4. By exploiting this security flaw an unauthenticated threat actor can execute arbitrary SQL queries or commands remotely.
  • IR Number: FG-IR-20-124
  • Date: Jan 04, 2021
  • Risk: 3 out of 5     
  • CVSSv3 Score: 6.4
  • Impact: Execute unauthorized code or commands

Fortinet is popular for exploit

Fortinet’s cybersecurity commodities are quite famous as exploitation streets along with cyber attackers. Even it also includes nation-state actors, therefore the experts suggested that every user must plan to patch it as soon as possible.

After detecting this vulnerability, the FBI along with the Cybersecurity and Infrastructure Security Agency (CISA) informed several advanced determined threats (APTs) were currently exploiting three security vulnerabilities in the Fortinet SSL VPN for espionage.

Moreover, the experts pronounced that the exploits for CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812 were being used to obtain space within networks before implementing their planned operation.

Disclosure Timeline

After a proper investigation, the security analysts have mentioned a full list of disclosure timelines that they have made, and here we have mentioned below:-

  • June, 2021: Issue identified and confirmed by William Vu of Rapid7
  • Thu, Jun 10, 2021: Initial exposure to the vendor through their PSIRT Contact Form
  • Fri, Jun 11, 2021: Recognized by the vendor (ticket 132097)
  • Wed, Aug 11, 2021: Follow up with the vendor
  • Tue, Aug 17, 2021: Public exposure through this post
  • Tue, Aug 17, 2021: The vendor meant that Fortiweb 6.4.1 is expected to add a fix, and will be published at the end of August

Remediation

Apart from this, the cybersecurity researchers have suggested some remediation, until Fortinet is not releasing the patch for the vulnerability. Initially, users must disable the FortiWeb device’s management interface from suspicious networks, which also include the internet.

Not only this but FortiWeb should not get reveal directly to the internet, as it should be reachable only through trusted internal networks, or it can be reached over a secure VPN connection.

While the security authorities of Rapid7 requested every user to follow the recommendation, until and unless a security patch is not being disclosed by Fortinet.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...

North Korean IT Workers Penetrate Global Firms to Install System Backdoors

In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...