Andrey Medov, a security researcher at Positive Technologies, found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could be exploited by attackers to hack into corporate networks.
The flaws, tracked as CVE-2020-29015, CVE-2020-29016, CVE-2020-29018, and CVE-2020-29019, have been already addressed by Fortinet with the release of security patches.
The vulnerabilities include a blind SQL injection, a stack-based buffer overflow issue, an overflow buffer overflow, and a format string vulnerability that could lead to the execution of unauthorized code or commands or denial-of-service (DoS) conditions.
The flaws reside in the FortiWeb administration interface, this means that a remote attacker could exploit them to potentially access the corporate network.
“A stack-based buffer overflow vulnerability in FortiWeb may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.” reads the PSIRT advisory for the CVE-2020-29016.
The vendor recommends the customers to upgrade to FortiWeb versions:
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Fortinet FortiWeb)
[adrotate banner=”5″]
[adrotate banner=”13″]
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
A cyber attack has been disrupting operations at Synlab Italia, a leading provider of medical…
Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler…
A financially motivated group named GhostR claims the theft of a sensitive database from World-Check…
Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve…
Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads…
This website uses cookies.