Fortinet has fixed several critical flaws affecting its products.
Ranging from Remote Code Execution (RCE) to SQL Injection, to Denial of Service (DoS), the vulnerabilities impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products.
Numerous advisories published by FortiGuard Labs this month and in January 2021 describe serious flaws that the company has been fixing in its products.
The vulnerability CVE-2018-13381 in FortiProxy SSL VPN is the more critical one, as it can be triggered by a remote, unauthenticated actor through a crafted POST request.
Owing to a buffer overflow in the SSL VPN portal of FortiProxy, a specially crafted POST request of large size can crash the product when it is received, leading to a Denial of Service (DoS) condition.
Similarly, CVE-2018-13383 is notable in that an attacker can abuse it to trigger an overflow in the VPN via JavaScript's HREF content property.
The vulnerabilities in the FortiWeb Web Application Firewall were discovered and responsibly reported by researcher Andrey Medov at Positive Technologies.
“The most dangerous of these four vulnerabilities are the SQL Injection (CVE-2020-29015) and Buffer Overflow (CVE-2020-29016) as their exploitation does not require authorization.”
“The first allows you to obtain the hash of the system administrator account due to excessive DBMS user privileges, which gives you access to the API without decrypting the hash value.”
“The second one allows arbitrary code execution. Additionally, the format string vulnerability (CVE-2020-29018) also may allow code execution, but its exploitation requires authorization,” says Medov in a blog post.