Critical vulnerabilities in FortiWeb and FortiOS affecting Fortinet products

Cybersecurity specialists report the detection of multiple security flaws in FortiWeb and FortiSandbox, two popular security products from Fortinet. According to the report, successful exploitation of the flaws would allow threat actors to access sensitive information and execute code on the affected systems.

Below are brief descriptions of the reported flaws, as well as their respective identification keys and scores assigned according to the Common Vulnerability Scoring System (CVSS).

CVE-2020-29012: A session expiration flaw in FortiSandbox would allow unauthenticated remote threat actors to intercept or guess a session token and gain unauthorized access to other users' sessions.

This flaw received a CVSS score of 4.6/10 and is considered a medium-severity issue. It affects the following versions of FortiSandbox: 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.2.0 and 3.2.1.

CVE-2020-29013: Improper input validation in the FortiSandbox sniffer interface would allow remote threat actors to send large numbers of specially crafted requests and silently stop the sniffer software.

The vulnerability received a CVSS score of 4.6/10, and its successful exploitation would allow remote denial-of-service (DoS) attacks. It affects the following versions of FortiSandbox: 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.2.0 and 3.2.1.

CVE-2021-36179: A boundary error in the FortiWeb CLI would allow remote threat actors to trigger a stack-based buffer overflow and execute unauthorized code through the arguments of the "config backup" command.

This is rated a medium-severity vulnerability and received a CVSS score of 7/10, as its exploitation would allow full compromise of the affected system.

The flaw resides in the following versions of Fortinet FortiWeb: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13 and 6.3.14.

CVE-2021-36182: Improper input validation in FortiWeb would allow a remote authenticated user to send a specially crafted HTTP request to the affected application.

The vulnerability received a CVSS score of 7.7/10, and its successful exploitation would allow the execution of arbitrary shell commands on the target system. This flaw resides in the following versions of Fortinet FortiWeb: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12 and 6.3.13.

All reported flaws can be exploited remotely by unauthenticated threat actors, although so far no cases of in-the-wild exploitation linked to these reports have been detected. Users of affected deployments are nonetheless encouraged to upgrade as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.