May 29, 2023

Researchers found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could be exploited by attackers to hack into corporate networks.

The flaws, tracked as CVE-2020-29015, CVE-2020-29016, CVE-2020-29018, and CVE-2020-29019, have been already addressed by Fortinet with the release of security patches.

The vulnerabilities include a blind SQL injection, a stack-based buffer overflow issue, an overflow buffer overflow, and a format string vulnerability that could lead to the execution of unauthorized code or commands or denial-of-service (DoS)

The flaws reside in the FortiWeb administration interface, this means that a remote attacker could exploit them to potentially access the corporate network.

“A stack-based buffer overflow vulnerability in FortiWeb may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.” reads the PSIRT advisory for the CVE-2020-29016.

The vendor recommends the customers to upgrade to FortiWeb versions:

6.2.4 or above to address the CVE-2020-29015 flaw
6.3.6 or above to address the CVE-2020-29016 and CVE-2020-29018
6.3.8 or above to address the CVE-2020-29019

Tags:

Leave a Reply

You may have missed

CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
%d bloggers like this: