
Fortinet WAF vulnerable to command injection attacks, researchers find

A vulnerability has been discovered in Fortinet’s web application firewall (WAF) that allows attackers to run arbitrary commands on devices and servers running the security software, according to new findings by Rapid7.

FortiWeb protects web applications from attacks that target known and unknown vulnerabilities. Fortinet provides FortiWeb as a SaaS offering as well as hardware WAFs with various network capacities.

According to Rapid7’s William Wu, the SAML configuration page of FortiWeb had a command injection vulnerability that allowed attackers to embed arbitrary system commands in web requests.

These commands would then be executed as the root user on the operating system running FortiWeb.

Authentication required

A proof of concept shows how an attacker could exploit the vulnerability by adding a backtick and an arbitrary command to an HTTP request.
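The flaw described above is a textbook OS command injection: a value taken from a web form (here, a field on the SAML configuration page) is spliced into a string that a shell later interprets, so a backtick in the value becomes a command substitution. The following is an added illustration written for this article, not FortiWeb's code (which is not public) and not Rapid7's proof of concept. It models a configuration handler that needs to hand a user-supplied IdP hostname to a command-line tool, shows the vulnerable string-building pattern without executing it, and then shows the hardened form: a strict allowlist on the field plus invocation as a discrete argv element with no shell. The hostnames and the `openssl` command line are constructed sample values; the Python interpreter stands in for the external tool so the block runs offline.

```python
"""Command injection through a web form field: vulnerable vs hardened.

Added example for this article; it is not FortiWeb's implementation.
"""
import re
import subprocess
import sys

# Constructed sample field values: one benign, one carrying a backtick
# command substitution, the shell metacharacter named in the advisory.
BENIGN_HOST = "idp.example.com"
HOSTILE_HOST = "idp.example.com`id`"

# Strict allowlist for a DNS hostname: dot-separated labels of letters,
# digits and interior hyphens, at most 253 characters in total.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)

# Characters a POSIX shell treats specially; useful for logging/alerting
# on suspicious form input even when the input is rejected anyway.
SHELL_META = set("`$;|&<>(){}\n'\"\\")


def build_command_unsafe(host: str) -> str:
    """Vulnerable pattern: interpolate the field into one string that is
    later handed to a shell (system(), popen(), subprocess with shell=True).
    The backtick survives intact and the shell would run what it encloses.
    Returned only for inspection; this function never executes anything."""
    return f"openssl s_client -connect {host}:443"


def has_shell_metacharacters(value: str) -> bool:
    """Detection helper: True if the value contains any shell metacharacter."""
    return any(ch in SHELL_META for ch in value)


def validate_hostname(host: str) -> str:
    """Allowlist validation: accept only syntactically valid hostnames."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"rejected hostname field value: {host!r}")
    return host


def argv_roundtrip(value: str) -> str:
    """Show that without a shell, metacharacters are inert: the value is
    passed as its own argv element and comes back byte-for-byte as given.
    (The interpreter stands in for an external tool so this runs offline.)"""
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.rstrip("\n")


def run_with_argv(host: str) -> str:
    """Hardened pattern: validate first, then invoke with an argv list and
    no shell. Rejected input never reaches the external command."""
    return argv_roundtrip(validate_hostname(host))


if __name__ == "__main__":
    print("unsafe string would be:", build_command_unsafe(HOSTILE_HOST))
    print("metacharacters present:", has_shell_metacharacters(HOSTILE_HOST))
    print("argv round trip, no shell:", argv_roundtrip(HOSTILE_HOST))
    print("hardened, benign:", run_with_argv(BENIGN_HOST))
    try:
        run_with_argv(HOSTILE_HOST)
    except ValueError as exc:
        print("hardened, hostile:", exc)
```

The two controls are independent and both matter: the allowlist rejects the hostile value outright, while the argv-list invocation means that even a value which slipped past validation would be treated as a literal argument rather than parsed by a shell. On the detection side, logging form submissions that contain shell metacharacters on an administrative interface is a cheap signal for this vulnerability class regardless of whether the specific product is patched.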

The vulnerability is only accessible to authenticated parties, so an adversary would need to gain access to the administrator’s credentials before staging the attack.

However, once the device is compromised, the attacker can leverage the vulnerability to control the affected device “with the highest possible privileges”, according to Rapid7.

“[The attacker] might install a persistent shell, crypto-mining software, or other malicious software,” Rapid7 wrote in its advisory.

If the device’s management interface is exposed to the internet, the attacker could use the compromised platform to reach into the affected network beyond the secured perimeter.

Rapid7’s researchers found fewer than 300 FortiWeb devices that had their management interface accessible from the general internet.

Patch incoming

Fortinet will patch the bug in the next version of FortiWeb (6.4.1), which according to Rapid7 will be released later in August.

In the meantime, Rapid7 advises administrators to make FortiWeb’s device management interface inaccessible to untrusted networks, including the general internet.

“Generally speaking, management interfaces for devices like FortiWeb should not be exposed directly to the internet anyway – instead, they should be reachable only via trusted, internal networks, or over a secure VPN connection,” Rapid7 wrote on its blog.

Source: https://portswigger.net/daily-swig/fortinet-waf-vulnerable-to-command-injection-attacks-researchers-find
