Security researchers have discovered a vulnerability in the Fortinet FortiWeb firewall that could allow an attacker to take complete control of the security appliance. The flaw, tracked as CVE-2021-22123 with a CVSSv3 score of 7.4, is considered highly dangerous.
According to Andrey Medov, the Positive Technologies researcher who discovered the bug, a command injection vulnerability in the FortiWeb management interface could allow authenticated remote attackers to execute arbitrary commands on the system via the SAML server configuration page. Because the commands run with the highest privileges, a successful attacker would gain complete control of the server.
“If, as a result of incorrect configuration, the firewall management interface is accessible from the Internet, and the product itself is not updated to the latest version, then the combination of CVE-2021-22123 and CVE-2020-29015, which Positive Technologies discovered earlier, could allow an attacker to penetrate the internal network,” he said.
The vendor issued a security advisory fixing the flaw last month. To remediate the vulnerability, update FortiWeb 6.3.7 (and earlier), 6.2.3 (and earlier), 6.1.x, 6.0.x, or 5.9.x to version 6.3.8 or 6.2.4, depending on the build in use.
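Turning the advisory's version ranges into something an inventory script can apply is the first step of remediation. The following Python is an added example, not code from the article or from Fortinet: it encodes the affected ranges and fixed releases stated above and triages a constructed host list. The choice of 6.3.8 as the target for the 6.1.x, 6.0.x and 5.9.x branches is an assumption (the article says 6.3.8 or 6.2.4 "depending on the build"), and the hostnames and the `SAMPLE_INVENTORY` data are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Fixed releases named in the advisory text.
FIXED_6_3 = "6.3.8"
FIXED_6_2 = "6.2.4"

# Branches the advisory lists as affected with no patched release of their own.
# Assumption: we point these at the newer fixed train (6.3.8); choose 6.2.4 if
# your upgrade path requires staying on 6.2.
UNFIXED_BRANCHES = {(6, 1), (6, 0), (5, 9)}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.3.7' into (6, 3, 7); reject anything that is not dotted digits."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


@dataclass(frozen=True)
class Triage:
    version: str
    affected: bool
    upgrade_to: Optional[str]
    reason: str


def triage_fortiweb(version: str) -> Triage:
    """Classify one FortiWeb version against the CVE-2021-22123 advisory ranges."""
    major, minor, *rest = parse_version(version)
    patch = rest[0] if rest else 0  # '6.3' is treated as 6.3.0

    if (major, minor) == (6, 3):
        if patch <= 7:
            return Triage(version, True, FIXED_6_3, "6.3.7 and earlier are affected")
        return Triage(version, False, None, "6.3.8 or later contains the fix")

    if (major, minor) == (6, 2):
        if patch <= 3:
            return Triage(version, True, FIXED_6_2, "6.2.3 and earlier are affected")
        return Triage(version, False, None, "6.2.4 or later contains the fix")

    if (major, minor) in UNFIXED_BRANCHES:
        return Triage(version, True, FIXED_6_3,
                      f"{major}.{minor}.x has no fixed release; move to a fixed train")

    # Anything else (e.g. 6.4.x) is not in the advisory's affected list.
    return Triage(version, False, None, "version not in the advisory's affected list")


# Constructed sample inventory: "hostname,version" per line.
SAMPLE_INVENTORY = """\
waf-edge-01,6.3.7
waf-edge-02,6.3.8
waf-dc-01,6.2.3
waf-legacy-01,6.0.5
waf-new-01,6.4.0
"""


def hosts_needing_upgrade(inventory_csv: str) -> List[Tuple[str, str, str]]:
    """Return (host, current_version, target_version) for every affected host."""
    needing: List[Tuple[str, str, str]] = []
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, ver = line.split(",", 1)
        result = triage_fortiweb(ver)
        if result.affected:
            needing.append((host.strip(), result.version, result.upgrade_to))
    return needing


if __name__ == "__main__":
    for host, current, target in hosts_needing_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: {current} -> upgrade to {target}")
```

Run against a real export of your FortiWeb fleet, the script gives you the upgrade list; pair it with the exposure check from Medov's remark (is the management interface reachable from the Internet?) to prioritise which appliances to patch first.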
The patch comes after an FBI warning last month that an APT group had exploited a FortiGate appliance to access a web server hosting the domain of a US municipal government.
“The APT actors likely created an account with the username ‘elie’ to further enable malicious activity on the network,” according to the Feds.
While the FBI did not say which local government was hacked, it has issued several warnings about hackers exploiting flaws in Fortinet products.
“The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned in April 2021 that APT actors had gained access to devices on ports 4443, 8443, and 10443 for Fortinet FortiOS CVE-2018-13379, and enumerated devices for FortiOS CVE-2020-12812 and FortiOS CVE-2019-5591,” the flash notice read.
The FBI added that APT actors can leverage their access to carry out data exfiltration, data encryption, or other malicious activity.
“The APT actors are actively targeting a broad range of victims across multiple sectors, indicating the activity is focused on exploiting vulnerabilities rather than targeted at specific sectors,” the FBI warned.
Organizations using these products should update them as soon as possible.