FortiWeb Vulnerability Alert | February 2023

There's a critical vulnerability in FortiWeb. Here's what you need to know.

Background

Fortinet released an advisory detailing a critical security flaw (CVE-2021-42756) in their web application firewall (WAF), FortiWeb products. The vulnerability allows for an unauthenticated attacker to execute arbitrary code or commands. Corvus has observed similar vulnerabilities lead to ransomware incidents. Security patches have been released and should be applied as soon as possible.

Impact

The vulnerability affects Fortinet appliances running the following versions:

  • FortiWeb versions 5.x all versions
  • FortiWeb versions 6.0.7 and below
  • FortiWeb versions 6.1.2 and below
  • FortiWeb versions 6.2.6 and below
  • FortiWeb versions 6.3.16 and below
  • FortiWeb versions 6.4 all versions 

Attackers can execute arbitrary code or commands against unpatched devices, gaining a foothold into the network. From there the attacker would be able to conduct further exploitation and potentially move around the network. Impacted organizations should apply a security patch immediately.

Next Steps

  1. Download and install the latest version of the affected products:
    • Upgrade to FortiWeb 7.0.0 or above
    • Upgrade to FortiWeb 6.3.17 or above
    • Upgrade to FortiWeb 6.2.7 or above
    • Upgrade to FortiWeb 6.1.3 or above
    • Upgrade to FortiWeb 6.0.8 or above

Resources