-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3006
                          FortiWeb Vulnerabilities
                              8 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiWeb
Publisher:         FortiGuard Labs
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Reduced Security               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-36182 CVE-2021-36179

Original Bulletin:
   https://fortiguard.com/psirt/FG-IR-20-206
   https://fortiguard.com/psirt/FG-IR-21-047

Comment: This bulletin contains two (2) FortiGuard Labs security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

FortiWeb - Multiple stack-based buffer overflow vulnerabilities in CLI command

IR Number         : FG-IR-20-206
Date              : Sep 7, 2021
Risk              : 4/5
CVSSv3 Score      : 7.8
Impact            : Execute unauthorized code or commands
CVE ID            : CVE-2021-36179
Affected Products : FortiWeb: 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3,
                    6.3.2, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0,
                    6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Summary

Multiple stack-based buffer overflow vulnerabilities in FortiWeb CLI interface
may allow an authenticated attacker to execute unauthorized code or commands
via `config backup` arguments.

Affected Products

FortiWeb version 6.3.14 or below
FortiWeb version 6.2.4 or below

Solutions

Upgrade to FortiWeb 6.4.0 or above
Upgrade to FortiWeb 6.3.15 or above
Upgrade to FortiWeb 6.2.5 or above

Acknowledgement

Internally discovered and reported by Mattia Fecit of Fortinet PSIRT team.
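Both advisories in this bulletin give their affected ranges as "x.y.z or below" per release branch and their fixes as "x.y.z or above". The following is an added example (not FortiGuard or AusCERT code) that encodes those ranges so an inventory of FortiWeb versions can be checked against FG-IR-20-206 and FG-IR-21-047 at once; the IR numbers, CVE ids and version boundaries come from the bulletin text, while the branch-keyed encoding, the decision to treat branches newer than 6.3 as unaffected (the bulletin offers 6.4.0 as an upgrade target) and branches older than 6.2 as affected (the "or below" wording), and the sample host names are this example's own assumptions.

```python
"""Check FortiWeb versions against the ranges stated in FG-IR-20-206 and FG-IR-21-047.

Added example for this bulletin, not vendor code. Advisory ids, CVEs and version
boundaries are taken from the bulletin; the encoding and edge-case choices are ours.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]
Branch = Tuple[int, int]


def parse_version(text: str) -> Version:
    """Parse a FortiWeb release string such as '6.3.14' into a comparable tuple."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiWeb version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def format_version(v: Version) -> str:
    return ".".join(str(n) for n in v)


@dataclass(frozen=True)
class Advisory:
    ir_number: str
    cve: str
    # Affected release branch (major, minor) -> first patch level of that branch
    # carrying the fix, per the bulletin's "Solutions" section.
    fixed_in: Dict[Branch, int]


# Ranges as stated in the bulletin:
#   FG-IR-20-206: 6.3.14 or below, 6.2.4 or below -> fixed in 6.3.15 / 6.2.5 (6.4.0+ ok)
#   FG-IR-21-047: 6.3.13 or below, 6.2.4 or below -> fixed in 6.3.14 / 6.2.5
ADVISORIES = (
    Advisory("FG-IR-20-206", "CVE-2021-36179", {(6, 3): 15, (6, 2): 5}),
    Advisory("FG-IR-21-047", "CVE-2021-36182", {(6, 3): 14, (6, 2): 5}),
)


def assess(version: str, advisory: Advisory) -> Tuple[bool, Optional[str]]:
    """Return (affected, minimum fixed version) for one installed version and advisory.

    Assumptions made here (this example's, not the vendor's):
      * a branch newer than any listed fixed branch is unaffected (the bulletin
        lists "6.4.0 or above" as a valid upgrade target);
      * a branch older than any listed branch is affected, because the bulletin
        states the affected range as "x.y.z or below"; the oldest fixed release
        is then recommended.
    """
    v = parse_version(version)
    branch: Branch = (v[0], v[1])
    newest_branch = max(advisory.fixed_in)
    oldest_branch = min(advisory.fixed_in)

    if branch > newest_branch:
        return False, None
    if branch in advisory.fixed_in:
        fixed = (branch[0], branch[1], advisory.fixed_in[branch])
        if v >= fixed:
            return False, None
        return True, format_version(fixed)
    # Older than every listed branch: covered by "or below".
    fixed = (oldest_branch[0], oldest_branch[1], advisory.fixed_in[oldest_branch])
    return True, format_version(fixed)


def check_fortiweb(version: str) -> Dict[str, dict]:
    """Assess one installed version against every advisory in the bulletin."""
    report = {}
    for adv in ADVISORIES:
        affected, fixed = assess(version, adv)
        report[adv.ir_number] = {"cve": adv.cve, "affected": affected, "upgrade_to": fixed}
    return report


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up for the demo.
    inventory = [("waf-01", "6.3.14"), ("waf-02", "6.2.4"), ("waf-03", "6.4.0")]
    for host, ver in inventory:
        for ir, r in check_fortiweb(ver).items():
            status = f"AFFECTED, upgrade to {r['upgrade_to']}" if r["affected"] else "not affected"
            print(f"{host} {ver} {ir} ({r['cve']}): {status}")
```

Note that 6.3.14 is the fixed release for FG-IR-21-047 but is still inside the affected range of FG-IR-20-206, which is why the check reports per advisory rather than giving a single yes/no per host.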
- --------------------------------------------------------------------------------

FortiWeb - OS Command Injection because of missing input parameter sanitization

IR Number         : FG-IR-21-047
Date              : Sep 7, 2021
Risk              : 4/5
CVSSv3 Score      : 8.3
Impact            : Execute unauthorized code or commands
CVE ID            : CVE-2021-36182
Affected Products : FortiWeb: 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3,
                    6.3.2, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.4

Summary

Multiple improper neutralization of special elements vulnerabilities [CWE-89]
used in a command in FortiWeb may allow an authenticated attacker to execute
unauthorized code or commands via crafted parameters of HTTP requests.

Affected Products

FortiWeb version 6.3.13 or below is impacted
FortiWeb version 6.2.4 or below is impacted

Solutions

Upgrade to FortiWeb 6.3.14 or above
Upgrade to FortiWeb 6.2.5 or above

Acknowledgement

Fortinet is pleased to thank H4lo from DBappSecurity Co.,Ltd Hatlab for
reporting this vulnerability under responsible disclosure.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYTgEOeNLKJtyKPYoAQh8zQ//fdIbU9bkHPMYhbwyiNRpah5XnTa4sUDz
s6muD2FQ3mVZdnZ54fthwxC+D4MeGSs3voqgHrVuiBIVKPz7h4WYv5qVDBZOHdDw
nUWicdyTMtUjWNQjImOjkoPD0DdVELyKWmJOEVe0oYUa5Vrm6ZWx7g03BJMrfT/x
mVX2YarhKXk/gp7ILPPHqRnPnfP/EkkUUD78FhBGFp52Z45yC8TbBYzcG68PsayH
3tumuNLlK70v2G7krHDkuVzx12OlQQ7uAsbwvSVHugiP3QJJcUsjLNe099pMz+a+
wVzYdtDmYe/OK1XcrJsmIzwBDtAmlMrsa/2O2FKVDRMNPnnRbZjMMpg2burcYma7
+UAd1ldN6RATbqFp6KHViSziOkHBtH1vK4uSarsxQRCIlOzdy7rnZWLHqLXR28oC
VTepwLbvqCVgxZzkLL5X6v/p7FVLzQWt9eWKuqOVMi65wPZjbM+9XA+rwo8878hr
PJ91yKxnluRLoIykOHuUIQMh+momFKWpXYPG/q3Zs69q0laQSucyQKjsWsRGKxlT
nSAhWyABgqv2g60vh8lETt1FjDGufIcHd+lYyG4iU0WNj3vVg4adad+VNOqfRPtt
SVbfW4AWv2VWzqyxRxdodM3rSN/j0VrOEKEItczX4L1qtsyTkK5kJIb+tHi1T7dq
80Q6HhGJbBE=
=JZal
-----END PGP SIGNATURE-----