IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Fortinet firewall vulnerability could give hackers full control

The FBI has issued multiple warnings of hackers using flaws in Fortinet products

Security researchers have discovered a vulnerability in the Fortinet FortiWeb firewall that could let an attacker take full control of the security device. This vulnerability, assigned CVE-2021-22123 and a CVSSv3 score of 7.4, is highly dangerous. 

According to Andrey Medov, the researcher at Positive Technologies who discovered the bug, a command injection vulnerability exists in the FortiWeb management interface that may allow authenticated remote attackers to execute arbitrary commands in the system via the SAML server configuration page. Executing commands with maximum privileges will give the attacker full control over the server. 

“If, as a result of incorrect configuration, the firewall administration interface is available on the Internet, and the product itself is not updated to the latest versions, then the combination of CVE-2021-22123 and CVE-2020-29015 that Positive Technologies discovered earlier may allow an attacker to penetrate the internal network,” he said.

The vendor issued a security advisory patching the flaw last month. To fix the vulnerability, update FortiWeb 6.3.7 (and earlier), 6.2.3 (and earlier), 6.1.x, 6.0.x, or 5.9.x to versions 6.3.8 or 6.2.4, depending on the build used. 

The patch comes after an FBI warning last month where an APT group exploited a Fortigate appliance to access a web server hosting the domain for a US municipal government.

Related Resource

The secure cloud configuration imperative

The central role of cloud security posture management

The secure cloud configuration imperativeFree download

"The APT actors likely created an account with the username 'elie' to further enable malicious activity on the network," according to the Feds.

While the FBI did not say which local government was hacked, it has issued multiple warnings of hackers using flaws in Fortinet products.

“The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned in April 2021 that APT actors had gained access to devices on ports 4443, 8443, and 10443 for Fortinet FortiOS CVE-2018-13379, and enumerated devices for FortiOS CVE-2020- 12812 and FortiOS CVE-2019-5591,” the flash notice read.

The FBI added that APT actors can leverage their access to conduct data exfiltration, data encryption, or other malicious activity. 

“The APT actors are actively targeting a broad range of victims across multiple sectors, indicating the activity is focused on exploiting vulnerabilities rather than targeted at specific sectors,” the FBI warned.

Organizations using these products should update them as soon as possible.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Twilio account breach result of sophisticated social engineering campaign
Security

Twilio account breach result of sophisticated social engineering campaign

9 Aug 2022
Over 200,000 DrayTek routers vulnerable to total device takeover
Security

Over 200,000 DrayTek routers vulnerable to total device takeover

3 Aug 2022
Data on 69 million Neopets users stolen and listed for sale on hacker forum
Security

Data on 69 million Neopets users stolen and listed for sale on hacker forum

21 Jul 2022
What is zero trust?
network security

What is zero trust?

14 Jul 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022