Hello, Fortinet? Could you patch these vulns please?

Oh, and CERT's left a message or two

Fortinet's load balancer has been found to include a bunch of vulnerabilities, and so far, the Carnegie-Mellon CERT hasn't been able to determine whether or not they've all been patched.

In its advisory, the CERT says FortiWAN is subject to command injections, information exposure, and cross-site scripting attacks.

As the advisory states: “An authenticated but low-privileged (non-administrator) account may be able to execute OS commands in the root context, capture network traffic through the FortiWAN device, obtain appliance system configuration, or conduct cross-site scripting attacks against administrator users.”

While one of the vulnerabilities in the list has been fixed in FortiWAN 4.2.5, the advisory continues: “It is currently unclear if the remaining vulnerabilities in this Vulnerability Note were also addressed in this release.”

The vulns are as follows:

  • CVE-2016-4966 – Fixed: an authentication bypass in diagnosis_control.php that lets an attacker get a dump of captured packets;
  • CVE-2016-4965 – Operating system command injection, also via diagnosis_control.php;
  • CVE-2016-4967 – A privilege escalation bug that lets a lower-privilege user get a backup of the device configuration;
  • CVE-2016-4968 – A user with low privileges can get the admin login cookie with a simple GET request; and
  • CVE-2016-4969 – Cross-site scripting via the /script/statistics/getconn.php file's IP parameter.

The vulns were reported to the CERT by Virgoteam. ®
