Details have emerged about a new, unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system.
"An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page," cybersecurity firm Rapid7 said in an advisory published Tuesday. "This vulnerability appears to be related to CVE-2021-22123, which was addressed in FG-IR-20-120."
Rapid7 said it discovered and reported the issue in June 2021. Fortinet is expected to release a patch at the end of August with version FortiWeb 6.4.1.
The command injection flaw is yet to be assigned a CVE identifier, but it has a severity rating of 8.7 on the CVSS scoring system. Successful exploitation of the vulnerability can allow authenticated attackers to execute arbitrary commands as the root user on the underlying system via the SAML server configuration page.
"An attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges," Rapid7's Tod Beardsley said. "They might install a persistent shell, crypto mining software, or other malicious software. In the unlikely event the management interface is exposed to the internet, they could use the compromised platform to reach into the affected network beyond the DMZ."
Rapid7 also warns that while authentication is a prerequisite for achieving arbitrary command execution, the exploit could be chained with an authentication bypass flaw, such as CVE-2020-29015. In the interim, users are advised to block access to the FortiWeb device's management interface from untrusted networks, including taking steps to prevent direct exposure to the internet.
Although there is no evidence that the new security issue has been exploited in the wild, it is worth noting that unpatched Fortinet servers have been a lucrative target for financially motivated and state-sponsored threat actors alike.
Earlier this April, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warned of advanced persistent threat groups targeting Fortinet FortiOS servers by leveraging CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591 to compromise systems belonging to government and commercial entities.
In the same month, Russian cybersecurity company Kaspersky revealed that threat actors exploited the CVE-2018-13379 vulnerability in FortiGate VPN servers to gain access to enterprise networks in European countries and deploy the Cring ransomware.