Cybersecurity specialists reported the finding of multiple vulnerabilities in various products developed by security firm Fortinet. According to the report, successful exploitation of these flaws would allow the deployment of cross-site scripting (XSS), buffer overflows and remote code execution attacks, among other hacking variants.
Below are brief descriptions of the reported flaws, in addition to their respective scores assigned by the Common Vulnerability Scoring System (CVSS).
CVE-2021-22122: This flaw exists due to insufficient disinfection of user input in the FortiWeb GUI interface. Remote threat actors could take advantage of this situation to send potential victims a specially designed link and execute HTML code and arbitrary scripts in the user’s browser in the context of a vulnerable website.
This is an average severity flaw that received a CVSS score of 5.3/10 and its successful exploitation would allow the theft of sensitive information, the deployment of phishing attacks and even the arbitrary modification of a website.
The flaw lies in the following versions of Fortinet FortiWeb: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6 and 6.3.7.
CVE-2018-13381: A boundary error while processing HTTP POST requests on the FortiProxy SSL VPN web portal would allow remote attackers to trick a victim into visiting a specially designed website and running arbitrary code on the device.
This is a high severity vulnerability that received a score of 7.7/10 and its exploitation would allow a total commitment of the target system.
The vulnerability resides in the following versions of FortiProxy: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8 and 2.0.0.
The flaw received a score of 7.7/10 and resides in the following versions of FortiProxy: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8 and 2.0.0.
While these vulnerabilities could be exploited by unauthenticated remote threat actors using unre complex techniques, specialists mention that so far no attempts to active exploit or the existence of a malware variant associated with an attack have been detected.
Security patches are now available, so Fortinet recommends that vulnerable deployment administrators update as soon as possible.
He is a cyber security and malware researcher. He studied Computer Science at Miami and started working as a cyber security analyst in 2008. He is actively working as an cyber security investigator. He also worked for security companies like Cisco. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.