Multiple Flaws With Fortinet FortiWeb WAF Would Allow Attackers to Hack Corporate Networks

Security researchers at Positive Technologies have discovered several severe flaws in the Fortinet FortiWeb web application firewall. According to the researchers, attackers could use these flaws to compromise corporate networks.

The Fortinet FortiWeb web application firewall (WAF) is designed to shield servers from web-based attacks, yet it was itself vulnerable to SQL injection. Andrey Medov, one of the researchers who found the flaws, confirmed that the vulnerabilities include:

  • A blind SQL injection.
  • A stack-based buffer overflow.
  • A buffer overflow.
  • A format string vulnerability that could lead to the execution of malicious code or a denial-of-service (DoS) condition.

Flaws

FortiGate SSL VPN logs may display events of users in a different VDOM

This vulnerability could allow a remote attacker to read the SSL VPN event log records of users in other VDOMs simply by running “get vpn ssl monitor” from the CLI.

Affected Products

  • FortiGate versions 6.0.10 and below.
  • FortiGate versions 6.2.4 and below.
  • FortiGate versions 6.4.1 and below.

Solutions

  • Please upgrade to FortiGate version 6.0.11 or above.
  • Please upgrade to FortiGate version 6.2.5 or above.
  • Please upgrade to FortiGate version 6.4.2 or above.

FortiWeb is vulnerable to a blind SQL injection

This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header that contains a malicious SQL statement.

Affected Products

  • FortiWeb versions 6.3.7 and below. 
  • FortiWeb versions 6.2.3 and below.

Solutions

  • Please upgrade to FortiWeb version 6.3.8 or above.
  • Please upgrade to FortiWeb version 6.2.4 or above.

Stack-Based Buffer Overflow vulnerability in FortiWeb

This vulnerability could allow an unauthenticated, remote attacker to overwrite the contents of the stack, and potentially execute arbitrary code, by sending a crafted request with an oversized certname.

Affected Products

  • FortiWeb versions 6.3.5 and below. 
  • FortiWeb versions 6.2.3 and below.

Solutions

  • Please upgrade to FortiWeb version 6.3.6 or above.
  • Please upgrade to FortiWeb version 6.2.4 or above.

FortiWeb is vulnerable to a buffer overflow

This vulnerability could allow a remote, unauthenticated attacker to crash the httpd (HTTP daemon) thread by sending a request with a crafted Cookie header.

Affected Products

  • FortiWeb versions 6.3.7 and below. 
  • FortiWeb versions 6.2.3 and below.

Solutions

  • Please upgrade to FortiWeb version 6.3.8 or above.
  • Please upgrade to FortiWeb version 6.2.4 or above.

FortiWeb is vulnerable to a format string vulnerability

This vulnerability could allow an authenticated, remote attacker to read memory contents and recover sensitive data through the redir parameter.

Affected Products

  • FortiWeb versions 6.3.5 and below.

Solutions

  • Please upgrade to FortiWeb version 6.3.6 or above.
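The four FortiWeb issues above each hinge on a request element a defender can watch for: SQL syntax inside an Authorization header, an oversized Cookie header, printf-style specifiers in the redir parameter, and an oversized certname. The following detection script is an added example, not code from the article or from Fortinet; the regexes, the length thresholds and the sample requests are all assumptions constructed for illustration.

```python
import base64
import re
from typing import Dict, List
from urllib.parse import unquote

# Heuristics mirror the advisory descriptions; thresholds are assumed values
# that should be tuned to the sizes real clients of the protected site send.
SQL_PATTERN = re.compile(r"'|--|;|/\*|\b(?:select|union|sleep)\b", re.IGNORECASE)
FORMAT_PATTERN = re.compile(r"%\d*[nxsp]")   # checked after URL-decoding
MAX_COOKIE_LEN = 4096      # assumed threshold
MAX_CERTNAME_LEN = 256     # assumed threshold

def decode_basic(value: str) -> str:
    """Return the decoded credentials of a Basic header, or the raw value otherwise."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return value
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:         # binascii.Error is a ValueError subclass
        return value

def inspect_request(req: Dict[str, dict]) -> List[str]:
    """Return advisory-related findings for one parsed request (headers + query params)."""
    findings: List[str] = []
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    if SQL_PATTERN.search(decode_basic(headers.get("authorization", ""))):
        findings.append("sql-syntax-in-authorization")
    if len(headers.get("cookie", "")) > MAX_COOKIE_LEN:
        findings.append("oversized-cookie")
    params = req.get("params", {})
    if FORMAT_PATTERN.search(unquote(params.get("redir", ""))):
        findings.append("format-specifier-in-redir")
    if len(params.get("certname", "")) > MAX_CERTNAME_LEN:
        findings.append("oversized-certname")
    return findings

def _basic(creds: str) -> str:
    return "Basic " + base64.b64encode(creds.encode()).decode()

# Constructed sample requests for illustration; not captured traffic.
SAMPLE_REQUESTS = [
    {"headers": {"Authorization": _basic("alice:s3cret")}, "params": {}},
    {"headers": {"Authorization": _basic("alice'--:x")}, "params": {}},
    {"headers": {"Cookie": "session=" + "A" * 5000}, "params": {}},
    {"headers": {}, "params": {"redir": "/index?next=%x%x%n"}},
    {"headers": {}, "params": {"certname": "c" * 300}},
]

def scan(requests=SAMPLE_REQUESTS) -> List[List[str]]:
    """Run inspect_request over a batch and return the findings per request."""
    return [inspect_request(r) for r in requests]
```

Feed it parsed access-log or proxy records; an empty list means the request tripped none of the heuristics.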

FortiDeceptor is affected by an OS command injection vulnerability

This vulnerability could allow a remote, authenticated attacker to execute arbitrary commands on the system through a command injection flaw on the Customization page.

Affected Products

  • FortiDeceptor versions 3.1.0 and below.
  • FortiDeceptor versions 3.0.1 and below.

Solutions

  • Please upgrade to FortiDeceptor version 3.2.0 or above.
  • Please upgrade to FortiDeceptor version 3.1.1 or above.
  • Please upgrade to FortiDeceptor version 3.0.2 or above.

In addition, the vendor has already advised all users to upgrade FortiWeb to version 6.3.8, 6.2.3 or 6.2.4.

The researchers also noted that such investigations are challenging, but worth undertaking because they reveal vulnerabilities in security vendors' own products.


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.