Cybersecurity specialists report the detection of four vulnerabilities in FortiWeb, the web application firewall (WAF) developed by Fortinet. According to the report, successful exploitation of these flaws would allow an attacker to run arbitrary commands or code on the appliance and to delete arbitrary files from it.
Below are brief descriptions of the reported flaws, together with their identifiers and the scores assigned under the Common Vulnerability Scoring System (CVSS).
CVE-2021-41018: Incorrect input validation in the affected application would allow authenticated remote users to send specially crafted HTTP GET requests to the WAD configuration handlers and execute arbitrary commands on the affected system.
This is a high-severity flaw with a CVSS score of 7.7/10; successful exploitation results in the execution of arbitrary shell commands on the vulnerable system.
CVE-2021-36193: A boundary error in the command-line interface would allow a local, authenticated user to run specially crafted CLI commands that trigger a stack-based buffer overflow and execute arbitrary code on the target system.
This is a medium-severity vulnerability with a CVSS score of 5.8/10.
CVE-2021-42753: The vulnerability exists due to an input validation error when processing directory traversal sequences (such as "../") in HTTP requests, which would allow remote users to send a specially crafted request and delete arbitrary files and folders from the affected system.
This is a medium-severity vulnerability with a CVSS score of 5.7/10.
CVE-2021-43073: Incorrect input validation in FortiWeb would allow authenticated remote users to send specially crafted HTTP requests to the ApplicationDelivery, JsonProtection and WebProtection handlers, leading to arbitrary command execution.
This is a high-severity flaw with a CVSS score of 7.7/10.
According to the report, the flaws reside in the following versions of Fortinet FortiWeb: 5.8.0 through 5.8.7 (5.8.4 is not listed), 5.9.0 through 5.9.1, 6.0.0 through 6.0.7, 6.1.0 through 6.1.2, 6.2.0 through 6.2.6, 6.3.0 through 6.3.16, and 6.4.0 through 6.4.1.
Although three of the four flaws can be triggered remotely, each of them requires either an authenticated session on the FortiWeb management interface or access to the CLI, so they are most dangerous where management interfaces are exposed to untrusted networks or where administrator credentials have been compromised. No active exploitation attempts have been detected so far; nevertheless, cybersecurity specialists recommend updating as soon as possible and restricting access to the management interface in the meantime.
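For administrators who need to check an inventory of appliances against the affected-version list above, the following script is an added example written for this page; it is not code from Fortinet or from the original report. It derives the highest affected patch level of each release branch from the list in the advisory and classifies a version string as affected, newer than the last affected release, on a branch the advisory does not mention, or unparseable. The sample inventory lines are constructed, and the "Version: FortiWeb-VM x.y.z,build..." format they imitate is an assumption rather than a documented output format.

```python
import re
from typing import Dict, List, Optional, Tuple

# Highest affected patch level per release branch, taken from the version list
# in the advisory above. The list skips 5.8.4, so the branch-maximum rule used
# here is deliberately conservative and treats every 5.8.x up to 5.8.7 as affected.
AFFECTED_MAX: Dict[Tuple[int, int], int] = {
    (5, 8): 7,
    (5, 9): 1,
    (6, 0): 7,
    (6, 1): 2,
    (6, 2): 6,
    (6, 3): 16,
    (6, 4): 1,
}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return the first major.minor.patch triple found in `text`, or None.

    Accepts a bare "6.3.14" as well as a longer status line such as
    "Version: FortiWeb-VM 6.3.14,build..." (constructed format, an assumption).
    """
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return major, minor, patch


def assess(text: str) -> str:
    """Classify a version string against the advisory's affected-version list.

    Returns one of:
      "affected"   - on a listed branch, at or below its last affected patch
      "fixed"      - on a listed branch, newer than its last affected patch
      "not listed" - branch not mentioned by the advisory (e.g. 6.5.x); check
                     the vendor advisory rather than assuming it is safe
      "unknown"    - no version could be parsed from the input
    """
    version = parse_version(text)
    if version is None:
        return "unknown"
    major, minor, patch = version
    last_affected = AFFECTED_MAX.get((major, minor))
    if last_affected is None:
        return "not listed"
    return "affected" if patch <= last_affected else "fixed"


def scan_inventory(lines: List[str]) -> List[Tuple[str, str]]:
    """Assess every line of an inventory (one appliance per line)."""
    return [(line, assess(line)) for line in lines]


# Constructed sample inventory for demonstration; not real appliance data.
SAMPLE_INVENTORY = [
    "waf-edge-01  Version: FortiWeb-VM 6.3.14,build1166",
    "waf-edge-02  Version: FortiWeb-VM 6.3.17,build1180",
    "waf-lab-01   Version: FortiWeb-VM 5.8.4,build0401",
    "waf-new-01   Version: FortiWeb-VM 6.5.0,build1200",
    "waf-unknown  Version: (not collected)",
]

if __name__ == "__main__":
    for line, status in scan_inventory(SAMPLE_INVENTORY):
        print(f"{status:<11} {line}")
```

Because the classification is derived from the article's version list and not from the vendor's fixed-version statement, treat "fixed" and "not listed" as "verify against the Fortinet PSIRT advisory" rather than as a guarantee of safety.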
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert and has also worked for security companies such as Kaspersky Lab. His everyday job includes researching new malware and cyber security incidents. He also has deep knowledge of mobile security and mobile vulnerabilities.