-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0899
                         FortiWeb security updates
                               12 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiWeb
Publisher:         Fortinet
Operating System:  Network Appliance
Impact/Access:     Cross-site Scripting     -- Remote with User Interaction
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-6646 CVE-2019-16157 CVE-2019-16156

Original Bulletin:
   https://fortiguard.com/psirt/FG-IR-19-265
   https://fortiguard.com/psirt/FG-IR-19-269
   https://fortiguard.com/psirt/FG-IR-20-001

Comment: This bulletin contains three (3) Fortinet security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

XSS vulnerability in the Anomaly Detection Parameter Name

IR Number : FG-IR-19-265
Date      : Mar 09, 2020
Risk      : 3/5
Impact    : Unauthorized code execution
CVE ID    : CVE-2019-16156

Summary

An improper neutralization of input vulnerability in the Anomaly Detection
interface of FortiWeb may allow a remote unauthenticated attacker to perform a
cross site scripting attack (XSS) via a parameter of the request.

Impact

Unauthorized code execution

Affected Products

FortiWeb Versions 6.0.5 and below.
FortiWeb Versions 6.1.1 and below.
FortiWeb Version 6.2.0

Solutions

Please upgrade to FortiWeb versions 6.0.6 or above
Please upgrade to FortiWeb versions 6.1.2 or above
Please upgrade to FortiWeb versions 6.2.1 or above

Acknowledgement

Fortinet is pleased to thank Pablo Arriaga Perez from Government of Navarre
and S21sec for reporting this vulnerability under responsible disclosure.
- --------------------------------------------------------------------------------

Information disclosure through diagnose debug commands in FortiWeb

IR Number : FG-IR-19-269
Date      : Mar 11, 2020
Risk      : 3/5
Impact    : Information disclosure
CVE ID    : CVE-2019-16157

Summary

An information exposure vulnerability in FortiWeb CLI may allow an
authenticated user to view sensitive information being logged via diagnose
debug commands.

Impact

Information disclosure

Affected Products

FortiWeb 6.2.0 and below.

Solutions

Please upgrade to FortiWeb 6.3.0, 6.2.1 or above.

Acknowledgement

Fortinet is pleased to thank Danilo Costa from PBI for reporting this
vulnerability under responsible disclosure.

- --------------------------------------------------------------------------------

XSS Vulnerability in Disclaimer Description of a Replacement Message in FortiWeb

IR Number : FG-IR-20-001
Date      : Mar 09, 2020
Risk      : 3/5
Impact    : Unauthorized code execution
CVE ID    : CVE-2020-6646

Summary

An improper neutralization of input vulnerability in FortiWeb may allow a
remote authenticated attacker to perform a stored cross site scripting attack
(XSS) via the Disclaimer Description of a Replacement Message.

Impact

Unauthorized code execution

Affected Products

FortiWeb version 6.2.2 and below.
FortiWeb version 6.3.0.

Solutions

Please upgrade to FortiWeb version 6.2.3 or above
Please upgrade to FortiWeb version 6.3.1 or above

Acknowledgement

Fortinet is pleased to thank Danilo Costa from PBI for reporting this
vulnerability under responsible disclosure.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager.
If you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the appropriate
person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
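As an added example (not part of the AusCERT or Fortinet bulletin), the following Python checker encodes the affected-version ranges stated in the three advisories above and reports which of them apply to a given FortiWeb version, so an inventory of appliances can be triaged against this bulletin. The range boundaries are taken from each advisory's Affected Products and Solutions sections; the wording "X and below" is treated as an open lower bound, which is an assumption of this example.

```python
"""Map a FortiWeb version string to the advisories in ESB-2020.0899 that cover it."""
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]
# An inclusive range; a lower bound of None means the advisory says "and below".
Range = Tuple[Optional[Version], Version]


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' (e.g. '6.2.0') into a tuple that compares numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiWeb version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


# Affected ranges transcribed from the bulletin's Affected Products sections.
ADVISORIES = {
    # 6.0.5 and below, 6.1.1 and below, 6.2.0 (fixed in 6.0.6 / 6.1.2 / 6.2.1)
    "FG-IR-19-265 (CVE-2019-16156)": [
        (None, (6, 0, 5)), ((6, 1, 0), (6, 1, 1)), ((6, 2, 0), (6, 2, 0))],
    # 6.2.0 and below (fixed in 6.2.1 / 6.3.0)
    "FG-IR-19-269 (CVE-2019-16157)": [(None, (6, 2, 0))],
    # 6.2.2 and below, 6.3.0 (fixed in 6.2.3 / 6.3.1)
    "FG-IR-20-001 (CVE-2020-6646)": [(None, (6, 2, 2)), ((6, 3, 0), (6, 3, 0))],
}


def is_affected(version: Version, ranges: List[Range]) -> bool:
    """True if the version falls inside any of the advisory's inclusive ranges."""
    return any((lo is None or lo <= version) and version <= hi for lo, hi in ranges)


def applicable_advisories(version_text: str) -> List[str]:
    """Return the advisory labels whose affected ranges include this version."""
    version = parse_version(version_text)
    return [name for name, ranges in ADVISORIES.items() if is_affected(version, ranges)]


if __name__ == "__main__":
    # Constructed sample inventory covering each fix boundary named in the bulletin.
    for v in ("6.0.5", "6.0.6", "6.1.2", "6.2.0", "6.2.2", "6.3.0", "6.3.1"):
        print(v, applicable_advisories(v) or ["not covered by this bulletin"])
```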
===========================================================================