Unresolved Remote Hacking Vulnerability Found in Fortinet’s FortiWeb WAF

Aug 18, 2021

Recent revelations highlight a serious, unpatched security flaw in Fortinet’s web application firewall (WAF) that could enable a remote authenticated attacker to execute harmful commands on the system. According to cybersecurity firm Rapid7, an OS command injection vulnerability in FortiWeb’s management interface (versions 6.3.11 and earlier) allows this exploitation through the SAML server configuration page. This issue is linked to CVE-2021-22123, which was noted in advisory FG-IR-20-120. Rapid7 identified and reported the vulnerability in June 2021, and Fortinet plans to release a fix in late August with FortiWeb version 6.4.1. While this command injection flaw has not yet been assigned a CVE identifier, it carries a severity rating of 8.7 on the CVSS scoring system. Exploiting this vulnerability could enable authenticated users to execute arbitrary commands.

Unresolved Remote Hacking Vulnerability Uncovered in Fortinet’s FortiWeb WAF
Published on August 18, 2021

A newly identified, unaddressed security vulnerability has been reported in Fortinet’s FortiWeb Web Application Firewall (WAF) appliances, raising concerns among cybersecurity experts. This flaw could potentially permit a remote, authenticated attacker to execute arbitrary commands on the system, exploiting weaknesses in the management interface, specifically found in versions 6.3.11 and earlier. The cybersecurity firm Rapid7 disclosed these findings in an advisory issued earlier this week.

According to Rapid7, the issue relates to an OS command injection vulnerability that affects the SAML server configuration page of FortiWeb. This vulnerability has drawn parallels with CVE-2021-22123, which Fortinet previously addressed in their security update FG-IR-20-120. Rapid7 noted that they discovered and reported this critical issue back in June 2021. Fortinet is anticipated to issue a patch by the end of August with the release of FortiWeb version 6.4.1.

Despite its significance, this command injection vulnerability has not yet been assigned a CVE identifier but has been rated 8.7 on the Common Vulnerability Scoring System (CVSS). The successful exploitation of this vulnerability could enable authenticated attackers to exert considerable control over affected systems, raising alarms within the cybersecurity community.

In terms of the potential tactics and techniques employed in this attack, the MITRE ATT&CK framework provides useful context. The initial access phase could be achieved through compromised credentials, allowing an attacker to gain authenticated access. Subsequent steps might involve privilege escalation, taking advantage of the injection flaw to execute commands with elevated rights, thereby increasing the attacker’s control over the system.

While Fortinet prepares to address this vulnerability, businesses relying on FortiWeb must remain vigilant. Cybersecurity risks continue to evolve, and organizations should prioritize updating their systems to mitigate exposure to such critical threats. Maintaining a proactive security posture is essential for safeguarding sensitive data and preserving operational integrity in today’s increasingly sophisticated cyber landscape.

As the situation develops, businesses should stay informed and take appropriate measures to ensure their systems are protected against such vulnerabilities.

Source link

Related Posts

Critical BadAlloc Vulnerability Impacts BlackBerry QNX in Millions of Vehicles and Medical Devices

August 18, 2021

A significant security flaw in older versions of BlackBerry’s QNX Real-Time Operating System (RTOS) poses a risk of enabling malicious actors to take control of various devices, including cars and medical equipment. This issue, identified as CVE-2021-22156 with a CVSS score of 9.0, is part of a larger series of vulnerabilities dubbed BadAlloc that was first revealed by Microsoft in April 2021. The flaw could potentially serve as a backdoor for attackers, allowing them to disrupt operations or commandeer devices. According to a bulletin from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code on affected devices.” As of now, there are no indications that this vulnerability has been actively exploited. BlackBerry QNX technology serves over 195 million vehicles and embedded systems globally.

Severe ThroughTek SDK Vulnerability Exposes Millions of IoT Devices to Spy Threats

A serious security flaw has been identified in multiple versions of the ThroughTek Kalay P2P Software Development Kit (SDK), potentially allowing remote attackers to gain control of vulnerable devices and execute harmful code. Labeled as CVE-2021-28372 (with a CVSS score of 9.6) and uncovered by FireEye Mandiant in late 2020, this issue involves improper access controls in ThroughTek’s point-to-point (P2P) products. If exploited, attackers could listen in on live audio, view real-time video streams, and compromise device credentials, leading to further attacks stemming from exposed functionalities. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “successful exploitation of this vulnerability could enable remote code execution and unauthorized access to sensitive information, including audio/video feeds from cameras.” There are estimated to be 83 million active devices vulnerable to this flaw.

Kaseya Releases Security Patches for Two New 0-Day Vulnerabilities in Unitrends Servers

Kaseya, a U.S. technology company, has issued security patches to address two zero-day vulnerabilities in its Unitrends enterprise backup and continuity solution, which could lead to privilege escalation and authenticated remote code execution. These flaws are part of a trio reported by researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) on July 3, 2021. The vulnerabilities have been resolved in server software version 10.5.5-2, released on August 12. However, an undisclosed client-side vulnerability in Kaseya Unitrends remains unpatched. To mitigate associated risks, the company has provided firewall rules for traffic filtering and recommends not exposing servers to the internet.

New Microsoft Exchange ‘ProxyToken’ Vulnerability Allows Attackers to Alter Mailbox Configurations

Details have surfaced regarding a recently patched security flaw in Microsoft Exchange Server that could be exploited by unauthenticated attackers to change server settings, potentially exposing Personally Identifiable Information (PII). The vulnerability, identified as CVE-2021-33766 (CVSS score: 7.3) and referred to as “ProxyToken,” was found by Le Xuan Tuyen, a researcher at the Information Security Center of Vietnam Posts and Telecommunications Group (VNPT-ISC), and reported through the Zero-Day Initiative (ZDI) program in March 2021. According to the ZDI, “With this vulnerability, an unauthenticated attacker can perform configuration actions on mailboxes belonging to arbitrary users.” For instance, the attacker could redirect all emails sent to a targeted account to a mailbox they control. Microsoft addressed this issue in its Patch Tuesday updates for July 2021.