Home Cyber Crime Fortinet WAF vulnerable to command injection attacks, researchers find

Fortinet WAF vulnerable to command injection attacks, researchers find


Patch for FortiWeb flaw due over the approaching days

Fortinet FortiWeb WAF addressing security flaw

A vulnerability has been found in Fortinet’s internet utility firewall (WAF) that permits attackers to run arbitrary instructions on units and servers operating the safety software program, in line with new findings by Rapid7.

FortiWeb protects internet purposes from assaults that focus on recognized and unknown vulnerabilities. Fortinet supplies FortiWeb as a SaaS providing as nicely {hardware} WAFs with varied community capacities.

In keeping with Rapid7’s William Wu, the SAML configuration web page of FortiWeb had a command injection vulnerability that allowed attackers to embed arbitrary system instructions in internet requests.

These instructions would then be executed as the foundation person on the working system operating FortiWeb.

Authentication required

A proof of idea reveals how an attacker might exploit the vulnerability by including a backtick and an arbitrary command to an HTTP request.

The vulnerability is just accessible to authenticated events, so an adversary would wish to achieve entry to the administrator’s credentials earlier than staging the assault.

Nonetheless, as soon as the system is compromised, the attacker can leverage the vulnerability to regulate the affected system “with the best potential privileges”, in line with Rapid7.

Read more of the latest infosec research news

“[The attacker] would possibly set up a persistent shell, crypto-mining software program, or different malicious software program,” Rapid7 wrote in its advisory.

If the system’s administration interface is uncovered to the web, the attacker might use the compromised platform to succeed in into the affected community past the secured perimeter.

Rapid7’s researchers discovered lower than 300 FortiWeb units that had their administration interface accessible by the final web.

Patch incoming

Fortinet will patch the bug within the subsequent model of FortiWeb (6.4.1), which in line with Rapid7 shall be launched later in August.

Within the meantime, Rapid7 advises directors to make FortiWeb’s system administration interface inaccessible to untrusted networks, together with the final web.

“Usually talking, administration interfaces for units like FortiWeb shouldn’t be uncovered on to the web anyway – as a substitute, they need to be reachable solely through trusted, inner networks, or over a safe VPN connection,” Rapid7 wrote on its weblog.

YOU MIGHT ALSO LIKE Realtek SDK vulnerabilities impact dozens of downstream IoT vendors

Source link