Sunday , February 28 2021
Home / News / Several Fortinet products found with vulnerabilities
Fortinet

Several Fortinet products found with vulnerabilities

Vulnerability Lab reported that it found several vulnerabilities in several products from the famous enterprise security solutions provider Fortinet. The vulnerabilities were discovered this year.

Most of the vulnerabilities discovered reflected in the cross-site scripting (XSS). Vulnerability Labs reported these issues in May, February and January. What is new here is the information that the flaws are now fully patched.

Most of the vulnerabilities in the question presented themselves in the web interface of Fortinet FortiManager and FortiAnalyzer as well as reporting appliances. Vulnerability Labs warned that the vulnerability could be used by a remote attacker to inject malicious code into the applications. The attacker would only need access to any account in the system, even a low privilege account. For complete exploitation, the victim has to click on a specific link, containing the malicious code.

Multiple persistent XSS flaws and a filter bypass, are present in the FortiVoice enterprise phone system, a common app among Fortinet’s customers. These flaws, if exploited by a vicious attacker can have far-reaching consequences. Exploitation of these flaws requires minimum user interactions.

The FortiCloud, a cloud-based wireless security and administration application also has several persistent XSS issues. To exploit the system, the attacker requires access to the Summary Report page of the product, so that they can inject malicious code which executes as soon as any user visits the page.

Fortinet has since published an advisory for one of the vulnerabilities. According to Vulnerability Labs the company will publish the advisories to all the flaws soon. Users should update the Fortinet products to patch the flaws.

Vulnerability Labs has published all the details regarding the flaws they discovered and provided a proof-of-concept for each flaw.

Meanwhile, the researchers also reported discovering an SSH hole in the older versions of FortiOS. FortiOS is the operating system running Fortinet’s FortiGate firewall platform, earlier this year. The vulnerability was discovered in other Fortinet products. However, Fortinet disregarded these claims saying the vulnerabilities did not pose any immediate danger.

Fortinet has patched the flaws discovered by Vulnerability Labs. To protect customers in the future, Fortinet should regularly check their systems for vulnerabilities.

About Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master degree and actively writes about crybersecurity, cryptocurrencies, and technology in general. Raza is the co-founder of SpyAdvice.com, too, a site dedicated to educating people on online privacy and spying.
@AliR1272

Check Also

Unblock Facebook at School

Russia to Target Facebook After Attack on Telegram

Following the mass-blocking of millions of IP addresses in the battle against Telegram, Roskomnadzor, the …

Leave a Reply

Your email address will not be published. Required fields are marked *