Thursday, March 28, 2024

Unpatched Fortinet Bug Would Allow Remote Attackers To Execute Arbitrary Commands

A 0-day command injection vulnerability was found in Fortinet FortiWeb (WAF), and the security report claimed that Fortinet will soon release a fix for this vulnerability.

This vulnerability was initially detected by the cybersecurity researchers of Rapid7 it enables an authenticated attacker to administer arbitrary commands as root by the SAML server configuration page.

Not only this but they also reported that the threat actor could use it to obtain full control of the vulnerable device with the most formidable possible opportunities. 

However, this vulnerability has been detected on Fortinet’s web application firewall (WAF) platform, acknowledged as FortiWeb. 

FortiWeb is a cybersecurity protection platform, its main motive is to protect business-critical web applications from attacks that generally target associated and undiscovered vulnerabilities.

Flaw profile

  • CVE ID: CVE-2020-29015
  • Summary: It is a blind SQL injection flaw in the UI of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4. By exploiting this security flaw an unauthenticated threat actor can execute arbitrary SQL queries or commands remotely.
  • IR Number: FG-IR-20-124
  • Date: Jan 04, 2021
  • Risk: 3 out of 5     
  • CVSSv3 Score: 6.4
  • Impact: Execute unauthorized code or commands

Fortinet is popular for exploit

Fortinet’s cybersecurity commodities are quite famous as exploitation streets along with cyber attackers. Even it also includes nation-state actors, therefore the experts suggested that every user must plan to patch it as soon as possible.

After detecting this vulnerability, the FBI along with the Cybersecurity and Infrastructure Security Agency (CISA) informed several advanced determined threats (APTs) were currently exploiting three security vulnerabilities in the Fortinet SSL VPN for espionage.

Moreover, the experts pronounced that the exploits for CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812 were being used to obtain space within networks before implementing their planned operation.

Disclosure Timeline

After a proper investigation, the security analysts have mentioned a full list of disclosure timelines that they have made, and here we have mentioned below:-

  • June, 2021: Issue identified and confirmed by William Vu of Rapid7
  • Thu, Jun 10, 2021: Initial exposure to the vendor through their PSIRT Contact Form
  • Fri, Jun 11, 2021: Recognized by the vendor (ticket 132097)
  • Wed, Aug 11, 2021: Follow up with the vendor
  • Tue, Aug 17, 2021: Public exposure through this post
  • Tue, Aug 17, 2021: The vendor meant that Fortiweb 6.4.1 is expected to add a fix, and will be published at the end of August

Remediation

Apart from this, the cybersecurity researchers have suggested some remediation, until Fortinet is not releasing the patch for the vulnerability. Initially, users must disable the FortiWeb device’s management interface from suspicious networks, which also include the internet.

Not only this but FortiWeb should not get reveal directly to the internet, as it should be reachable only through trusted internal networks, or it can be reached over a secure VPN connection.

While the security authorities of Rapid7 requested every user to follow the recommendation, until and unless a security patch is not being disclosed by Fortinet.

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles