Fortinet firewall flaw could allow hackers to take over a device

Unpatched vulnerability in security system could allow execution of arbitrary commands

A bug in Fortinet’s web application firewall (WAF) platform FortiWeb could enable hackers to take over the device and run commands on it.

According to researchers at Rapid7, an operating system (OS) command injection vulnerability in FortiWeb's management interface could let a remote, authenticated attacker execute arbitrary commands on the system via the SAML server configuration page. The vulnerability affects FortiWeb versions 6.3.11 and below.

William Vu of Rapid7, the researcher who discovered the bug, classified it as an instance of CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The flaw received a severity score of 8.7.

Tod Beardsley, director of Research at Rapid7, said an attacker who has already authenticated to the FortiWeb device’s management interface can smuggle commands using backticks in the SAML Server configuration page’s "Name" field. These commands are then executed as the root user of the underlying operating system.

“An attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges. They might install a persistent shell, crypto mining software, or other malicious software,” Beardsley said.
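The CWE-78 pattern Beardsley describes, shown as an added example (not FortiWeb's code or Rapid7's): a user-supplied "Name" value pasted into a shell command string, beside a hardened handler that allow-lists the field and passes it as a separate argv element, plus a check that flags offending names in constructed audit lines. The tool path, the allow-list policy and the log format are assumptions for illustration.

```python
import re
import subprocess

# Assumed allow-list for a SAML server "Name": letters, digits, dot, dash, underscore.
# FortiWeb's real validation rules are not described on the page.
NAME_PATTERN = re.compile(r"^[A-Za-z0-9._-]{1,64}$")
CONFIG_TOOL = "/usr/bin/saml-config"  # hypothetical helper binary


def build_command_unsafe(name: str) -> str:
    """The flawed pattern: the name is interpolated into one shell string.
    If that string is handed to a shell, a backtick sequence inside `name`
    is evaluated as a command substitution before the tool runs.
    Returned for inspection only, never executed here."""
    return f"{CONFIG_TOOL} --name {name}"


def validate_name(name: str) -> bool:
    """Allow-list check: anything outside the conservative character set is rejected,
    which covers backticks and every other shell metacharacter."""
    return NAME_PATTERN.fullmatch(name) is not None


def build_command_safe(name: str) -> list[str]:
    """Hardened form: validate first, then keep the name as its own argv element so
    no shell ever parses it (run with a list and shell=False)."""
    if not validate_name(name):
        raise ValueError("SAML server name contains disallowed characters")
    return [CONFIG_TOOL, "--name", name]


def apply_config(name: str) -> subprocess.CompletedProcess:
    """Execute the hardened form; shell=False means argv goes straight to execve."""
    return subprocess.run(build_command_safe(name), shell=False, capture_output=True)


# Constructed management-interface audit lines (not real FortiWeb log output).
SAMPLE_AUDIT = [
    'user=admin action=edit object=saml-server name="corp-idp"',
    'user=admin action=edit object=saml-server name="idp`cmd`"',
    'user=ops action=edit object=saml-server name="login.example.org"',
]


def flag_suspicious_names(lines: list[str]) -> list[str]:
    """Detection view: return every configured name that fails the allow-list."""
    flagged = []
    for line in lines:
        match = re.search(r'name="([^"]*)"', line)
        if match and not validate_name(match.group(1)):
            flagged.append(match.group(1))
    return flagged
```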

Beardsley added that in the unlikely event the management interface is exposed to the internet, an attacker could use the compromised platform to reach into the affected network beyond the DMZ. He said researchers at the firm identified fewer than 300 devices that appear to expose their management interfaces to the general internet.

While a hacker needs authentication to exploit the bug, researchers warned they could combine it with another authentication bypass issue, such as CVE-2020-29015.

“In the absence of a patch, users are advised to disable the FortiWeb device’s management interface from untrusted networks, which would include the internet,” according to Beardsley. “Generally speaking, management interfaces for devices like FortiWeb should not be exposed directly to the internet anyway — instead, they should be reachable only via trusted, internal networks, or over a secure VPN connection.”

In June, security researchers discovered a Fortinet FortiWeb firewall vulnerability that could let an attacker take full control of the security device. This came after the FBI issued a warning in May that an APT group exploited a Fortigate appliance to access a web server hosting the domain for a municipal government.
