Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system.
"An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page," cybersecurity firm Rapid7 said in an advisory published Tuesday. "This vulnerability appears to be related to CVE-2021-22123, which was addressed in FG-IR-20-120."
Rapid7 said it discovered and reported the issue in June 2021. Fortinet is expected to release a patch at the end of August with version FortiWeb 6.4.1.
The command injection flaw is yet to be assigned a CVE identifier, but it has a severity rating of 8.7 on the CVSS scoring system. Successful exploitation of the vulnerability can allow authenticated attackers to execute arbitrary commands as the root user on the underlying system via the SAML server configuration page.
"An attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges," Rapid7's Tod Beardsley said. "They might install a persistent shell, crypto mining software, or other malicious software. In the unlikely event the management interface is exposed to the internet, they could use the compromised platform to reach into the affected network beyond the DMZ."
Rapid7 also warns that while authentication is a prerequisite for achieving arbitrary command execution, the exploit could be chained with an authentication bypass flaw, such as CVE-2020-29015. In the interim, users are advised to block access to the FortiWeb device's management interface from untrusted networks, including taking steps to prevent direct exposure to the internet.
Although there is no evidence that the new security issue has been exploited in the wild, it is worth noting that unpatched Fortinet servers have been a lucrative target for financially motivated and state-sponsored threat actors alike.
Earlier this April, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warned of advanced persistent threat groups targeting Fortinet FortiOS servers by leveraging CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591 to compromise systems belonging to government and commercial entities.
In the same month, Russian cybersecurity company Kaspersky revealed that threat actors exploited the CVE-2018-13379 vulnerability in FortiGate VPN servers to gain access to enterprise networks in European countries and deploy the Cring ransomware.