Security Advisory – Fortinet FortiWeb Vulnerability

Home/Security Update/Security Advisory – Fortinet FortiWeb Vulnerability

Security Advisory – Fortinet FortiWeb Vulnerability

FortiWeb is vulnerable to a blind SQL injection

FortiWeb — CVE-2020-29015

Summary:

A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.

However, Fortinet has released security updates regarding this vulnerability.

Follow Us on: Twitter, InstagramFacebook to get latest security news!

Affected Products:

The vulnerability is considered as MEDIUM severity.

FortiWeb versions 6.3.7 and below. 

FortiWeb versions 6.2.3 and below.

Solutions:

Please upgrade to FortiWeb versions 6.3.8 or above.

Please upgrade to FortiWeb versions 6.2.4 or above.

Vulnerability RatingCVSS v3.0CVSS v2.0
Base Score6.46.4
Base MetricsCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NCVSS v2.0/AV:N/AC:L/AU:N/C:P/I:P/A:N

Security Recommendations:

It is recommend the following actions be taken:

  • Apply appropriate updates by Fortinet to vulnerable systems, immediately after appropriate testing.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.

Reference:

FortiWeb is vulnerable to a blind SQL injection | FortiGuard

By | 2021-01-11T21:48:34+05:30 January 11th, 2021|Security Update|

About the Author:

FirstHackersNews- Identifies Security

One Comment

  1. xmc February 21, 2021 at 9:50 pm - Reply

    Tremendous article, numerous good quality information. I am about to show my pals and ask them what they think.

Leave A Comment

Subscribe to our newsletter to receive security tips everday!