Vulnerability Lab reported that it found several vulnerabilities in several products from the famous enterprise security solutions provider Fortinet. The vulnerabilities were discovered this year.
Most of the vulnerabilities discovered reflected in the cross-site scripting (XSS). Vulnerability Labs reported these issues in May, February and January. What is new here is the information that the flaws are now fully patched.
Most of the vulnerabilities in the question presented themselves in the web interface of Fortinet FortiManager and FortiAnalyzer as well as reporting appliances. Vulnerability Labs warned that the vulnerability could be used by a remote attacker to inject malicious code into the applications. The attacker would only need access to any account in the system, even a low privilege account. For complete exploitation, the victim has to click on a specific link, containing the malicious code.
Multiple persistent XSS flaws and a filter bypass, are present in the FortiVoice enterprise phone system, a common app among Fortinet’s customers. These flaws, if exploited by a vicious attacker can have far-reaching consequences. Exploitation of these flaws requires minimum user interactions.
The FortiCloud, a cloud-based wireless security and administration application also has several persistent XSS issues. To exploit the system, the attacker requires access to the Summary Report page of the product, so that they can inject malicious code which executes as soon as any user visits the page.
Fortinet has since published an advisory for one of the vulnerabilities. According to Vulnerability Labs the company will publish the advisories to all the flaws soon. Users should update the Fortinet products to patch the flaws.
Vulnerability Labs has published all the details regarding the flaws they discovered and provided a proof-of-concept for each flaw.
Meanwhile, the researchers also reported discovering an SSH hole in the older versions of FortiOS. FortiOS is the operating system running Fortinet’s FortiGate firewall platform, earlier this year. The vulnerability was discovered in other Fortinet products. However, Fortinet disregarded these claims saying the vulnerabilities did not pose any immediate danger.
Fortinet has patched the flaws discovered by Vulnerability Labs. To protect customers in the future, Fortinet should regularly check their systems for vulnerabilities.