
Fortinet has fixed vulnerabilities discovered by Positive Technologies


Fortinet has closed four vulnerabilities in FortiWeb identified by Positive Technologies expert Andrey Medov. FortiWeb is a family of firewalls for protecting web applications.

The first vulnerability (CVE-2020-29015, score 6.4 on the CVSS v3.1 scale) allows blind SQL injection through the FortiWeb user interface. An unauthorized attacker could execute arbitrary SQL queries remotely by sending a request with an Authorization header containing a malicious SQL statement. To fix the problem, you need to update FortiWeb 6.3.x and 6.2.x to versions 6.3.8 and 6.2.4, respectively.

Two other vulnerabilities are related to a stack buffer overflow. CVE-2020-29016 (score 6.4) could allow an unauthorized remote attacker to overwrite the contents of the stack and execute arbitrary code by sending a request with a specially crafted GET parameter certname. To fix it, you need to update FortiWeb 6.3.x and 6.2.x to versions 6.3.6 and 6.2.4, respectively. CVE-2020-29019 (score also 6.4) can be exploited to attack the httpd daemon via a request with a specially crafted cookie parameter. Updating to 6.3.8 and 6.2.4 is required.

The fourth vulnerability (CVE-2020-29018, score 5.3), a format string vulnerability, allows an attacker to read the contents of memory, obtain confidential data, and execute unauthorized code or commands using the redir parameter. The attack is carried out remotely. Users should update FortiWeb 6.3.x to version 6.3.6.

The fixes were posted by Fortinet PSIRT on January 4, 2021. The vendor strongly encouraged its customers to install the updates as soon as possible.
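The four fixes land in different releases, so a device on 6.3.6 is patched for two of the CVEs and still exposed to the other two. The following triage script is an added example, not Fortinet or Positive Technologies code; its fixed-version table is transcribed from the paragraphs above, and it assumes that any release on a listed branch below the fixed version is affected. The host names are constructed.

```python
# Fixed-in versions per branch, as stated in the article text.
# A branch the article does not mention for a CVE yields "unknown", never "fixed".
FIXED_IN = {
    "CVE-2020-29015": {(6, 3): (6, 3, 8), (6, 2): (6, 2, 4)},
    "CVE-2020-29016": {(6, 3): (6, 3, 6), (6, 2): (6, 2, 4)},
    "CVE-2020-29019": {(6, 3): (6, 3, 8), (6, 2): (6, 2, 4)},
    "CVE-2020-29018": {(6, 3): (6, 3, 6)},
}

def parse_version(text):
    """Turn '6.3.5' or 'v6.3.5' into (6, 3, 5); reject anything else."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def triage(version_text):
    """Return {cve: 'vulnerable' | 'fixed' | 'unknown'} for one installed version."""
    version = parse_version(version_text)
    branch = version[:2]
    result = {}
    for cve, fixes in FIXED_IN.items():
        fixed = fixes.get(branch)
        if fixed is None:
            result[cve] = "unknown"      # article gives no fix for this branch
        elif version < fixed:            # assumption: older releases are affected
            result[cve] = "vulnerable"
        else:
            result[cve] = "fixed"
    return result

def minimum_safe_version(branch):
    """Lowest release on a branch carrying every fix the article lists for it."""
    targets = [fixes[branch] for fixes in FIXED_IN.values() if branch in fixes]
    return max(targets) if targets else None

if __name__ == "__main__":
    # Constructed inventory: hypothetical host names and versions.
    inventory = [("waf-a", "6.3.6"), ("waf-b", "6.2.3"), ("waf-c", "6.3.8")]
    for host, ver in inventory:
        open_cves = [c for c, s in triage(ver).items() if s != "fixed"]
        target = minimum_safe_version(parse_version(ver)[:2])
        print(host, ver, "open/unknown:", open_cves or "none", "target:", target)
```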

“The most dangerous among these four vulnerabilities are SQL injection (CVE-2020-29015) and buffer overflow (CVE-2020-29016),” says Andrey Medov. “Exploitation of both bugs does not require authorization. The first allows an attacker, due to the excessive privileges of the DBMS user, to get the hash of the system administrator account (which gives access to the API, and without decrypting the hash value); the second, to execute arbitrary code. The format string vulnerability (CVE-2020-29018) also potentially leads to code execution, but requires authorization to exploit it.”
