A security researcher found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could expose corporate networks to attack.
Andrey Medov, a security researcher at Positive Technologies, found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could be exploited by attackers to hack into corporate networks.
The vulnerabilities include a blind SQL injection, a stack-based buffer overflow, a second buffer overflow, and a format string vulnerability. Depending on the flaw, exploitation could lead to the execution of unauthorized code or commands, or to a denial-of-service (DoS) condition.
The flaws reside in the FortiWeb administration interface, which means that a remote attacker able to reach that interface could exploit them to potentially gain access to the corporate network.
“A stack-based buffer overflow vulnerability in FortiWeb may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname,” reads the PSIRT advisory for CVE-2020-29016.
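The advisory describes a classic stack-based overflow: a request parameter (the certname) is copied into a fixed-size buffer on the stack without a length check. The following C listing is an added illustration of that bug class and its fix; it is constructed for this article and is not FortiWeb code. The buffer size CERTNAME_MAX, the query-string shape, the parameter name and the function names are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define CERTNAME_MAX 64   /* assumed stack buffer size for the example, not FortiWeb's */

/* Length of s, stopping after max bytes so oversized input is never walked in full. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* Vulnerable pattern: an untrusted certname is copied into a fixed stack buffer
 * with no length check. A certname of CERTNAME_MAX bytes or more overwrites
 * whatever sits above buf on the stack (saved registers, return address).
 * Only call this with input that fits; oversized input is undefined behaviour. */
int handle_certname_vulnerable(const char *certname) {
    char buf[CERTNAME_MAX];
    strcpy(buf, certname);            /* unbounded copy: the bug */
    return (int)strlen(buf);
}

/* Hardened version: check the length before any copy and reject oversized input. */
int handle_certname_safe(const char *certname) {
    char buf[CERTNAME_MAX];
    size_t n = bounded_len(certname, CERTNAME_MAX);
    if (n >= CERTNAME_MAX) return -1; /* would not fit with the terminator: reject */
    memcpy(buf, certname, n);
    buf[n] = '\0';
    return (int)n;
}

/* Pull key=value out of a form-encoded query string into a caller-supplied buffer.
 * Returns the value length, -1 if the key is absent, -2 if the value would not fit. */
int extract_param(const char *query, const char *key, char *out, size_t outlen) {
    size_t klen = strlen(key);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *end = strchr(v, '&');
            size_t vlen = end ? (size_t)(end - v) : strlen(v);
            if (vlen >= outlen) return -2;  /* reject before writing anything */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return -1;
}

/* End-to-end: parse the certname out of a request and hand it to the hardened handler. */
int check_request(const char *query) {
    char name[CERTNAME_MAX];
    int r = extract_param(query, "certname", name, sizeof name);
    if (r < 0) return r;
    return handle_certname_safe(name);
}

int main(void) {
    /* Constructed sample requests, not captured traffic. */
    const char *benign = "action=upload&certname=server-cert-01&format=pem";
    char big[512];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    char hostile[600];
    snprintf(hostile, sizeof hostile, "action=upload&certname=%s&format=pem", big);

    printf("benign request:  check_request=%d (certname accepted)\n", check_request(benign));
    printf("hostile request: check_request=%d (oversized certname rejected before any stack copy)\n",
           check_request(hostile));
    return 0;
}
```

The hardened handler never calls the unbounded copy; the decision to reject is taken on the length alone, so the oversized certname is never written anywhere near the stack frame.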
The vendor recommends that customers upgrade to the following FortiWeb versions:
- 6.2.4 or above to address CVE-2020-29015
- 6.3.6 or above to address CVE-2020-29016 and CVE-2020-29018
- 6.3.8 or above to address CVE-2020-29019
(SecurityAffairs – hacking, Fortinet FortiWeb)