-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0899
                         FortiWeb security updates
                               12 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiWeb
Publisher:         Fortinet
Operating System:  Network Appliance
Impact/Access:     Cross-site Scripting     -- Remote with User Interaction
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-6646 CVE-2019-16157 CVE-2019-16156

Original Bulletin:
   https://fortiguard.com/psirt/FG-IR-19-265
   https://fortiguard.com/psirt/FG-IR-19-269
   https://fortiguard.com/psirt/FG-IR-20-001

Comment: This bulletin contains three (3) Fortinet security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

XSS vulnerability in the Anomaly Detection Parameter Name

IR Number : FG-IR-19-265
Date      : Mar 09, 2020
Risk      : 3/5
Impact    : Unauthorized code execution
CVE ID    : CVE-2019-16156

Summary

An improper neutralization of input vulnerability in the Anomaly Detection
interface of FortiWeb may allow a remote unauthenticated attacker to perform a
cross-site scripting (XSS) attack via a parameter of the request.

Impact

Unauthorized code execution

Affected Products

FortiWeb Versions 6.0.5 and below.

FortiWeb Versions 6.1.1 and below.

FortiWeb Version 6.2.0

Solutions

Please upgrade to FortiWeb versions 6.0.6 or above

Please upgrade to FortiWeb versions 6.1.2 or above

Please upgrade to FortiWeb versions 6.2.1 or above

Acknowledgement

Fortinet is pleased to thank Pablo Arriaga Perez from Government of Navarre and
S21sec for reporting this vulnerability under responsible disclosure.

- --------------------------------------------------------------------------------

Information disclosure through diagnose debug commands in FortiWeb

IR Number : FG-IR-19-269
Date      : Mar 11, 2020
Risk      : 3/5
Impact    : Information disclosure
CVE ID    : CVE-2019-16157

Summary

An information exposure vulnerability in FortiWeb CLI may allow an
authenticated user to view sensitive information being logged via diagnose
debug commands.

Impact

Information disclosure

Affected Products

FortiWeb 6.2.0 and below.

Solutions

Please upgrade to FortiWeb 6.3.0, 6.2.1 or above.

Acknowledgement

Fortinet is pleased to thank Danilo Costa from PBI for reporting this
vulnerability under responsible disclosure.

- --------------------------------------------------------------------------------

XSS Vulnerability in Disclaimer Description of a Replacement Message in FortiWeb

IR Number : FG-IR-20-001
Date      : Mar 09, 2020
Risk      : 3/5
Impact    : Unauthorized code execution
CVE ID    : CVE-2020-6646

Summary

An improper neutralization of input vulnerability in FortiWeb may allow a
remote authenticated attacker to perform a stored cross-site scripting (XSS)
attack via the Disclaimer Description of a Replacement Message.

Impact

Unauthorized code execution

Affected Products

FortiWeb version 6.2.2 and below.

FortiWeb version 6.3.0.

Solutions

Please upgrade to FortiWeb version 6.2.3 or above

Please upgrade to FortiWeb version 6.3.1 or above

Acknowledgement

Fortinet is pleased to thank Danilo Costa from PBI for reporting this
vulnerability under responsible disclosure.

- --------------------------END INCLUDED TEXT--------------------
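The three advisories above give their affected ranges per release branch, and a
version that clears one advisory can still be inside another (6.0.6 fixes
FG-IR-19-265 but is still "6.2.0 and below" for FG-IR-19-269). The following
Python is an added example, not part of the Fortinet advisories or the AusCERT
bulletin: it transcribes the advisory identifiers, CVEs and version boundaries
stated above into data and, for a given FortiWeb version string, reports which
advisories apply, the upgrade named by each, and the lowest release that none
of the three covers. The function names, the data model and the sample version
strings are my own.

```python
"""Check a FortiWeb version against the advisories in ESB-2020.0899 (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Turn '6.2' or '6.2.1' into a 3-tuple so that tuples compare like versions."""
    nums = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(nums) <= 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(nums + [0] * (3 - len(nums)))  # pad '6.2' to (6, 2, 0)


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


@dataclass(frozen=True)
class Advisory:
    ir: str
    cve: str
    # (branch prefix, highest affected version on that branch); an empty prefix
    # matches every branch, which is how "6.2.0 and below" is expressed.
    affected: Tuple[Tuple[Tuple[int, ...], Version], ...]
    fixed: Tuple[Version, ...]  # first fixed release on each branch


# Data transcribed from the three advisories above.
ADVISORIES = (
    Advisory("FG-IR-19-265", "CVE-2019-16156",
             affected=(((6, 0), (6, 0, 5)), ((6, 1), (6, 1, 1)), ((6, 2), (6, 2, 0))),
             fixed=((6, 0, 6), (6, 1, 2), (6, 2, 1))),
    Advisory("FG-IR-19-269", "CVE-2019-16157",
             affected=(((), (6, 2, 0)),),
             fixed=((6, 2, 1), (6, 3, 0))),
    Advisory("FG-IR-20-001", "CVE-2020-6646",
             affected=(((), (6, 2, 2)), ((6, 3), (6, 3, 0))),
             fixed=((6, 2, 3), (6, 3, 1))),
)


def is_affected(v: Version, adv: Advisory) -> bool:
    return any(v[: len(prefix)] == prefix and v <= top for prefix, top in adv.affected)


def recommended_fix(v: Version, fixed: Tuple[Version, ...]) -> Optional[Version]:
    """Prefer the fix on the running branch; otherwise the lowest later fixed release."""
    same_branch = [f for f in fixed if f[:2] == v[:2] and f > v]
    later = [f for f in fixed if f > v]
    return min(same_branch) if same_branch else (min(later) if later else None)


def assess(version_text: str) -> List[Dict[str, Optional[str]]]:
    """List the advisories that apply to this version, each with the upgrade that clears it."""
    v = parse_version(version_text)
    out = []
    for adv in ADVISORIES:
        if is_affected(v, adv):
            fix = recommended_fix(v, adv.fixed)
            out.append({"ir": adv.ir, "cve": adv.cve, "upgrade_to": fmt(fix) if fix else None})
    return out


def minimum_clean_version(version_text: str) -> Optional[str]:
    """Lowest release at or above this version that none of the three advisories covers."""
    v = parse_version(version_text)
    candidates = {f for adv in ADVISORIES for f in adv.fixed}
    candidates.add(v)  # the running version itself may already be clean
    clean = [c for c in candidates if c >= v and not any(is_affected(c, a) for a in ADVISORIES)]
    return fmt(min(clean)) if clean else None


if __name__ == "__main__":
    for sample in ("6.0.5", "6.2.1", "6.3.1"):  # constructed sample inputs
        print(sample, assess(sample), "->", minimum_clean_version(sample))
```

The per-advisory upgrade is the one each advisory names for the running
branch; `minimum_clean_version` is the more useful number for planning, since
it picks the lowest listed release that no advisory in this bulletin still
covers. The table only knows the versions named here, so it says nothing about
later bulletins.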

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
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=Slmt
-----END PGP SIGNATURE-----