Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system.
"An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page," cybersecurity firm Rapid7 said in an advisory published Tuesday. "This vulnerability appears to be related to , which was addressed in ."
Rapid7 said it discovered and reported the issue in June 2021. Fortinet is expected to release a patch at the end of August with version FortiWeb 6.4.1.
The command injection flaw is yet to be assigned a CVE identifier, but it has a severity rating of 8.7 on the CVSS scoring system. Successful exploitation of the vulnerability can allow authenticated attackers to execute arbitrary commands as the root user on the underlying system via the SAML server configuration page.
"An attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges," Rapid7's Tod Beardsley said. "They might install a persistent shell, crypto mining software, or other malicious software. In the unlikely event the management interface is exposed to the internet, they could use the compromised platform to reach into the affected network beyond the DMZ."
Rapid7 also warns that while authentication is a prerequisite for achieving arbitrary command execution, the exploit could be chained with an authentication bypass flaw, such as . In the interim, users are advised to block access to the FortiWeb device's management interface from untrusted networks, including taking steps to prevent direct exposure to the internet.
Although there is no evidence that the new security issue has been exploited in the wild, it is worth noting that unpatched Fortinet servers have been a lucrative target for financially motivated and state-sponsored threat actors alike.
Earlier this April, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warned of advanced persistent threat groups targeting Fortinet FortiOS servers by leveraging , , and to compromise systems belonging to government and commercial entities.
In the same month, Russian cybersecurity company Kaspersky reported that threat actors exploited the CVE-2018-13379 vulnerability in FortiGate VPN servers to gain access to enterprise networks in European countries to deploy the Cring ransomware.