A bug in Fortinet's web application firewall (WAF) product FortiWeb could allow attackers to take over the device and run commands on it.
According to researchers at Rapid7, an operating system (OS) command injection vulnerability in FortiWeb's management interface could allow a remote, authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page. The vulnerability affects FortiWeb versions 6.3.11 and below.
Rapid7 researcher William Vu, who identified the bug, found it to be an instance of CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The flaw received a severity rating of 8.7.
Tod Beardsley, director of research at Rapid7, reported that an attacker who has first authenticated to the FortiWeb device's management interface can smuggle commands using backticks in the "Name" field of the SAML Server configuration page. Those commands are then executed as the root user of the underlying operating system.
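As an added illustration of the defect class Beardsley describes (this is not code from the article, from Fortinet or from Rapid7), the snippet below contrasts a config value interpolated into a shell string with the same value passed as an argv element and gated by an allow-list; the helper command, the field policy and the sample inputs are assumptions made up for the example.

```python
import re
import subprocess

# Shell metacharacters that let a field value break out of a command string: backticks and
# $( ) start command substitution; ; | & and newlines chain commands; quotes and redirects help.
SHELL_METACHARS = re.compile(r"[`$;&|<>\n\r(){}\\\"']")


def contains_shell_metachars(value: str) -> bool:
    """Detection helper: flag a submitted config value that carries shell syntax (audit-log it)."""
    return SHELL_METACHARS.search(value) is not None


def is_valid_saml_name(name: str) -> bool:
    """Allow-list check for a SAML server display name. Assumed policy for this example:
    1-64 characters of letters, digits, space, dot, underscore or dash."""
    return re.fullmatch(r"[A-Za-z0-9 ._-]{1,64}", name) is not None


def unsafe_shell_string(name: str) -> str:
    """The anti-pattern: interpolate the field into a string destined for `sh -c`.
    Returned rather than executed; a backtick in `name` would become command substitution."""
    return f"saml-config --name {name}"


def echo_via_argv(name: str) -> str:
    """Pass the value as one argv element with no shell, so `name` stays inert bytes.
    /bin/echo stands in for the hypothetical management-plane helper."""
    proc = subprocess.run(["echo", "saml-server", name], capture_output=True, text=True, check=True)
    return proc.stdout.rstrip("\n")


def set_saml_name(name: str) -> str:
    """Defense in depth: validate against the allow-list first, then call the helper via argv."""
    if not is_valid_saml_name(name):
        raise ValueError("SAML server name rejected by allow-list")
    return echo_via_argv(name)
```

Note that `echo_via_argv` alone already neutralises the backtick (it is printed literally), while the allow-list turns the attempt into a rejected, loggable event.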
"An attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges. They might install a persistent shell, crypto mining software, or other malicious software," Beardsley said.
Beardsley added that in the unlikely event the management interface is exposed to the internet, an attacker could use the compromised platform to reach into the affected network beyond the DMZ. He added that researchers at the firm found fewer than 300 devices that appear to be exposing their management interfaces to the public internet.
While an attacker needs authentication to exploit the bug, researchers warned it could be combined with another authentication bypass issue, such as CVE-2020-29015.
"In the absence of a patch, users are advised to disable the FortiWeb device's management interface from untrusted networks, which would include the internet," according to Beardsley. "Generally speaking, management interfaces for devices like FortiWeb should not be exposed directly to the internet anyway — instead, they should be reachable only via trusted, internal networks, or over a secure VPN connection."
In June, security researchers discovered a Fortinet FortiWeb firewall vulnerability that could allow an attacker to take full control of the security device. This came after the FBI issued a warning in May that an APT group exploited a Fortigate appliance to access a web server hosting the domain for a municipal government.