Fortinet FortiWeb WAF Appliances Exposed to Serious Unpatched Flaw

A recently disclosed, still unpatched flaw affects Fortinet’s web application firewall appliances. The vulnerability could be exploited by remote, authenticated attackers to execute malicious commands.

Specifically, it is an OS command injection vulnerability in FortiWeb’s management interface (version 6.3.11 and prior) which could allow remote, authenticated attackers to execute commands via the SAML server configuration page. The flaw was discovered by Rapid7 security researcher William Vu. It is noteworthy that the vulnerability is related to a previous vulnerability, known as CVE-2021-22123.

First of all, what is Fortinet FortiWeb?

Fortinet FortiWeb is a web application firewall (WAF) that captures both known and unknown exploits targeting the protected web applications before they have a chance to execute.

The vulnerability enables an attacker who is authenticated to the management interface of the device to inject commands via backticks in the “Name” field of the SAML server configuration page. Because the field’s value is passed to a shell, the injected commands are executed as the OS root user.

What is the impact of the FortiWeb vulnerability?

“An attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges,” Rapid7 says. The exploitation of the flaw could lead to the installation of a persistent shell, cryptomining software or any other malicious program.

“In the unlikely event the management interface is exposed to the internet, they could use the compromised platform to reach into the affected network beyond the DMZ,” the researchers warn.
Since a patch is not available, users should disable the FortiWeb device’s management interface from untrusted networks, including the internet.
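The injection pattern described above (a configuration name interpolated into a shell command) and the defensive side of it, as an added example that is not FortiWeb code: the hypothetical utility name `saml_tool`, the allow-list, and the sample configuration names are all constructed for illustration.

```python
"""Defensive handling of a user-supplied configuration "Name" field.

Constructed example (not FortiWeb code). Models a management-interface
handler that hands a SAML server name to an OS utility. It contrasts the
vulnerable pattern (name interpolated into a string destined for /bin/sh,
where backticks or $(...) are expanded) with a hardened pattern (allow-list
validation, then argv execution with no shell), and adds a small audit that
flags existing configuration names containing shell metacharacters.
"""
import re
import subprocess

# Allow-list for a configuration object name: letters, digits, space, '.', '_', '-'.
NAME_RE = re.compile(r"^[A-Za-z0-9 ._-]{1,63}$")
# Characters a POSIX shell would interpret; used by the audit below.
SHELL_META = re.compile(r"[`$;|&<>(){}\\\"']")


def validate_name(name: str) -> bool:
    """True only if the name matches the allow-list (backticks etc. are rejected)."""
    return NAME_RE.fullmatch(name) is not None


def vulnerable_command(name: str) -> str:
    """Insecure pattern: the string would be run with shell=True, so the shell
    expands `...` and $(...) inside the name. Built here, never executed."""
    return f"saml_tool --set-name {name}"  # 'saml_tool' is hypothetical


def hardened_argv(name: str) -> list:
    """Hardened pattern: validate, then pass the name as one argv element."""
    if not validate_name(name):
        raise ValueError("SAML server name rejected: disallowed characters")
    return ["saml_tool", "--set-name", name]  # for subprocess.run(argv, shell=False)


def echo_literal(name: str) -> str:
    """Show argv semantics with a real binary: /bin/echo prints the argument
    verbatim because no shell ever parses it, even when it contains backticks."""
    return subprocess.run(["echo", name], capture_output=True, text=True).stdout.rstrip("\n")


def audit_names(names: list) -> list:
    """Config audit: return every stored name containing shell metacharacters."""
    return [n for n in names if SHELL_META.search(n)]


# Constructed sample of stored SAML server names; the last two are suspicious.
SAMPLE_NAMES = ["corp-idp", "okta_prod", "idp`true`", "sso $(true)"]
```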

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
