There's a critical vulnerability in FortiWeb. Here's what you need to know.
Background
Fortinet released an advisory detailing a critical security flaw (CVE-2021-42756) in their web application firewall (WAF), FortiWeb products. The vulnerability allows for an unauthenticated attacker to execute arbitrary code or commands. Corvus has observed similar vulnerabilities lead to ransomware incidents. Security patches have been released and should be applied as soon as possible.
Impact
The vulnerability affects Fortinet appliances running the following versions:
- FortiWeb versions 5.x all versions
- FortiWeb versions 6.0.7 and below
- FortiWeb versions 6.1.2 and below
- FortiWeb versions 6.2.6 and below
- FortiWeb versions 6.3.16 and below
- FortiWeb versions 6.4 all versions
Attackers can execute arbitrary code or commands against unpatched devices, gaining a foothold into the network. From there the attacker would be able to conduct further exploitation and potentially move around the network. Impacted organizations should apply a security patch immediately.
Next Steps
- Download and install the latest version of the affected products:
- Upgrade to FortiWeb 7.0.0 or above
- Upgrade to FortiWeb 6.3.17 or above
- Upgrade to FortiWeb 6.2.7 or above
- Upgrade to FortiWeb 6.1.3 or above
- Upgrade to FortiWeb 6.0.8 or above