===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3914.2
  FortiMail admin privilege escalation through improper user profile control
                                6 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiMail
Publisher:         Fortinet
Operating System:  Network Appliance
                   Virtualisation
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-15712 CVE-2019-15707

Original Bulletin:
   https://fortiguard.com/psirt/FG-IR-19-237

Revision History:  January  6 2020: New fix on 5.4.11 released
                   October 21 2019: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

FortiMail admin privilege escalation through improper user profile control

IR Number : FG-IR-19-237
Date      : Oct 18, 2019
Risk      : 4/5
Impact    : Improper Access Control
CVE ID    : CVE-2019-15707, CVE-2019-15712

Summary

Two improper access control vulnerabilities in FortiMail admin webUI may allow
administrators to perform privileged functions they should not be authorized
for. Specifically, the two vulnerabilities are identified as the following:

  CVE-2019-15712: improper access control to web console
  CVE-2019-15707: improper access control to system backup config download

Impact

Improper Access Control

Affected Products

FortiMail 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below.
Solutions

Upgrade to 6.2.1, 6.0.7 or 5.4.11

After upgrading to the patched version:

* web console in admin webUI will be controlled by the following profile
  setting:

    config system accprofile
        set others read, read-write or none
    end

* system config downloading will be controlled by the following profile
  setting:

    config system accprofile
        set system read, read-write or none
    end

Revision History:

2019-10-18 Initial version
2020-01-03 New fix on 5.4.11 released

Acknowledgement

Fortinet is pleased to thank Danilo Costa from PBI Dynamic IT Security for
reporting this vulnerability under responsible disclosure.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.
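An added post-upgrade audit check for the two profile settings named in the Solutions section above; it is not part of the bulletin or of Fortinet's tooling. It parses a constructed `config system accprofile` dump, whose per-profile `edit ... next` layout is assumed from the Fortinet CLI family, and flags non-privileged profiles that still hold read-write on `others` or `system`, or leave either setting unset.

```python
import re
# Constructed sample of a `config system accprofile` dump; the per-profile
# `edit ... next` layout is assumed from the Fortinet CLI family.
SAMPLE_ACCPROFILE_DUMP = """\
config system accprofile
    edit "helpdesk"
        set others read-write
        set system read-write
    next
    edit "auditor"
        set others none
        set system read
    next
    edit "superadmin"
        set others read-write
        set system read-write
    next
end
"""
PRIVILEGED_PROFILES = {"superadmin"}  # legitimately need console and config download

def parse_accprofiles(dump):
    """Turn `edit <name> ... next` blocks into {profile: {setting: value}}."""
    profiles, current = {}, None
    for line in (raw.strip() for raw in dump.splitlines()):
        m = re.match(r'^edit\s+"?([^"]+?)"?$', line)
        if m:
            current = m.group(1)
            profiles[current] = {}
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            profiles[current][key] = value.strip()
    return profiles

def find_overprivileged(dump, allowed=PRIVILEGED_PROFILES):
    """Flag non-privileged profiles granting read-write on `others` or
    `system`, or leaving the setting unset (an unreviewed default)."""
    findings = []
    for name, settings in parse_accprofiles(dump).items():
        if name in allowed:
            continue
        for key in ("others", "system"):
            value = settings.get(key, "<unset>")
            if value in ("read-write", "<unset>"):
                findings.append(f"{name}:{key}={value}")
    return findings
```

Run it against a real `show system accprofile` export after upgrading, then tighten the flagged profiles to `read` or `none` according to what each role actually needs.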
Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================