A high-severity vulnerability patched recently by Fortinet in its FortiWeb web application firewall (WAF) can be exploited to execute arbitrary commands. The flaw can pose an even more serious risk if it’s chained with a misconfiguration and another recently discovered security hole.
Andrey Medov, a researcher at Russian enterprise cybersecurity firm Positive Technologies, discovered that the FortiWeb firewall — specifically its management interface — is affected by a vulnerability that can allow a remote, authenticated attacker to execute commands on the system via the SAML server configuration page.
The flaw, tracked as CVE-2021-22123, has been patched with the release of FortiWeb versions 6.3.8 and 6.2.4, Fortinet said in an advisory published in late May.
Medov warned on Thursday that the vulnerability can be exploited by an authenticated attacker to execute arbitrary commands with maximum privileges, which can be used to take complete control of the server.
The researcher noted that the impact of the vulnerability can be even more serious if it’s chained with a misconfiguration and a separate vulnerability he discovered recently in FortiWeb.
That vulnerability, tracked as CVE-2020-29015 and disclosed by Fortinet in January, is a medium-severity blind SQL injection issue that can allow a remote, unauthenticated attacker to execute SQL commands or queries by sending a specially crafted request.
“If, as a result of incorrect configuration, the firewall administration interface is available on the Internet, and the product itself is not updated to the latest versions, then the combination of CVE-2021-22123 and CVE-2020-29015 that Positive Technologies discovered earlier may allow an attacker to penetrate the internal network,” Medov explained.
Positive Technologies was sanctioned recently by the U.S. government for allegedly supporting Kremlin intelligence agencies. However, the company said it will continue to responsibly disclose the vulnerabilities found by its employees in the products of major U.S. companies.
Related: VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm
Related: Serious Vulnerabilities Found in CODESYS Software Used by Many ICS Products
Related: WAGO Controller Flaws Can Allow Hackers to Disrupt Industrial Processes
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Google Patches Third Chrome Zero-Day of 2023
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
