Fortinet firewall vulnerability could give hackers full control
The FBI has issued multiple warnings of hackers using flaws in Fortinet products
Security researchers have discovered a vulnerability in the Fortinet FortiWeb firewall that could let an attacker take full control of the security device. This vulnerability, assigned CVE-2021-22123 and a CVSSv3 score of 7.4, is highly dangerous.
According to Andrey Medov, the researcher at Positive Technologies who discovered the bug, a command injection vulnerability exists in the FortiWeb management interface that may allow authenticated remote attackers to execute arbitrary commands in the system via the SAML server configuration page. Executing commands with maximum privileges will give the attacker full control over the server.
“If, as a result of incorrect configuration, the firewall administration interface is available on the Internet, and the product itself is not updated to the latest versions, then the combination of CVE-2021-22123 and CVE-2020-29015 that Positive Technologies discovered earlier may allow an attacker to penetrate the internal network,” he said.
The vendor issued a security advisory patching the flaw last month. To fix the vulnerability, update FortiWeb 6.3.7 (and earlier), 6.2.3 (and earlier), 6.1.x, 6.0.x, or 5.9.x to versions 6.3.8 or 6.2.4, depending on the build used.
The patch comes after an FBI warning last month where an APT group exploited a Fortigate appliance to access a web server hosting the domain for a US municipal government.
RELATED RESOURCE
The secure cloud configuration imperative
The central role of cloud security posture management
"The APT actors likely created an account with the username 'elie' to further enable malicious activity on the network," according to the Feds.
While the FBI did not say which local government was hacked, it has issued multiple warnings of hackers using flaws in Fortinet products.
“The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned in April 2021 that APT actors had gained access to devices on ports 4443, 8443, and 10443 for Fortinet FortiOS CVE-2018-13379, and enumerated devices for FortiOS CVE-2020- 12812 and FortiOS CVE-2019-5591,” the flash notice read.
The FBI added that APT actors can leverage their access to conduct data exfiltration, data encryption, or other malicious activity.
“The APT actors are actively targeting a broad range of victims across multiple sectors, indicating the activity is focused on exploiting vulnerabilities rather than targeted at specific sectors,” the FBI warned.
Organizations using these products should update them as soon as possible.
-
Ugreen NASync DXP4800 Pro reviewReviews A great value 4-bay NAS with a top hardware spec and good 10GbE performance but Ugreen's software is playing catch-up with the competition
-
Hardware volatility continues to squeeze channel marginsMemory pricing, in particular, is causing tension and forcing the channel ecosystem to quickly adapt to fast-changing market dynamics
-
Brace yourselves for a vulnerability explosion, Forescout warnsNews AI advances are helping identify software flaws at record pace and scale, but that's not the good news some would think
-
Ubuntu vulnerability exposes enterprises to root escalation, complete system compromiseNews The high-severity Ubuntu vulnerability allows an unprivileged local attacker to escalate privileges through the interaction of two standard system components
-
Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerabilityNews Threat actors have been exploiting the vulnerability to achieve root access since 2023
-
Millions of developers could be impacted by flaws in Visual Studio Code extensions – here's what you need to know and how to protect yourselfNews The VS Code vulnerabilities highlight broader IDE security risks, said OX Security
-
CVEs are set to top 50,000 this year, marking a record high – here’s how CISOs and security teams can prepare for a looming onslaughtNews While the CVE figures might be daunting, they won't all be relevant to your organization
-
Microsoft patches six zero-days targeting Windows, Word, and more – here’s what you need to knowNews Patch Tuesday update targets large number of vulnerabilities already being used by attackers
-
Experts welcome EU-led alternative to MITRE's vulnerability tracking schemeNews The EU-led framework will reduce reliance on US-based MITRE vulnerability reporting database
-
Veeam patches Backup & Replication vulnerabilities, urges users to updateNews The vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds – but not previous versions.
