Privacy Ninja

Fortinet Fixes Critical Vulnerabilities In SSL VPN And Web Firewall

Fortinet has fixed multiple severe vulnerabilities impacting its products.

The vulnerabilities range from Remote Code Execution (RCE) and SQL Injection to Denial of Service (DoS), and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products.

Some vulnerabilities reported 2 years ago

Multiple advisories published by FortiGuard Labs this month and in January 2021 mention various critical vulnerabilities that Fortinet has been patching in their products.

Some of the vulnerabilities listed below had previously been reported in other Fortinet products, but were fixed only recently in the FortiProxy SSL VPN versions given in the table.

CVE ID | Vulnerability type | Impacted products | Fixed versions | Date first published | Date fixed
CVE-2018-13383 | DoS, RCE | FortiProxy SSL VPN 2.0.0 and below, 1.2.8 and below, 1.1.6 and below, 1.0.7 and below | FortiProxy SSL VPN >= 2.0.1, >= 1.2.9 | April 2, 2019 | February 1, 2021
CVE-2018-13381 | DoS | FortiProxy SSL VPN 2.0.0 and below, 1.2.8 and below, 1.1.6 and below, 1.0.7 and below | FortiProxy SSL VPN >= 2.0.1, >= 1.2.9 | May 17, 2019 | February 1, 2021
CVE-2020-29015 | SQL Injection | FortiWeb 6.3.7 and below, 6.2.3 and below | FortiWeb >= 6.3.8, >= 6.2.4 | Jan 4, 2021 | Jan 4, 2021
CVE-2020-29016 | RCE | FortiWeb 6.3.5 and below, 6.2.3 and below | FortiWeb >= 6.3.6, >= 6.2.4 | Jan 4, 2021 | Jan 4, 2021
CVE-2020-29017 | RCE | FortiDeceptor 3.1.0 and below, 3.0.1 and below | FortiDeceptor >= 3.2.0, >= 3.1.1, >= 3.0.2 | Jan 4, 2021 | Jan 4, 2021
CVE-2020-29018 | RCE | FortiWeb 6.3.5 and below | FortiWeb >= 6.3.6 | Jan 4, 2021 | Jan 4, 2021
CVE-2020-29019 | DoS | FortiWeb 6.3.7 and below, 6.2.3 and below | FortiWeb >= 6.3.8, >= 6.2.4 | Jan 4, 2021 | Jan 4, 2021

Of particular note is the vulnerability CVE-2018-13381 in FortiProxy SSL VPN that can be triggered by a remote, unauthenticated actor through a crafted POST request.


Due to a buffer overflow in the SSL VPN portal of FortiProxy, a specially crafted POST request of large size, when received by the product, can crash it, leading to a Denial of Service (DoS) condition.

Likewise, CVE-2018-13383 is interesting in that an attacker can abuse it to trigger an overflow in the VPN via JavaScript’s HREF content property.

Should an attacker-crafted webpage containing the JavaScript payload be parsed by FortiProxy SSL VPN, remote code execution is possible, in addition to DoS.

The vulnerabilities made public in January 2021, on the other hand, make SQL Injection, RCE and DoS possible in various ways.

Vulnerabilities in FortiWeb Web Application Firewall were discovered and responsibly reported by researcher Andrey Medov at Positive Technologies.

“The most dangerous of these four vulnerabilities are the SQL Injection (CVE-2020-29015) and Buffer Overflow (CVE-2020-29016) as their exploitation does not require authorization.”

“The first allows you to obtain the hash of the system administrator account due to excessive DBMS user privileges, which gives you access to the API without decrypting the hash value.”

“The second one allows arbitrary code execution. Additionally, the format string vulnerability (CVE-2020-29018) also may allow code execution, but its exploitation requires authorization,” says Medov in a blog post.

Additionally, Meh Chang and Orange Tsai of the DEVCORE Security Research Team have been credited for responsibly reporting the flaws in FortiProxy SSL VPN.

The FortiDeceptor RCE vulnerability was reported by Chua Wei Kiat.

Critical vulnerabilities rated as “Medium”

It is worth noting that many of these vulnerabilities have been rated by the NVD as having a High or Critical severity rating, in accordance with CVSS 3.1 scoring guidelines.

However, it is not clear why these flaws are marked as posing a medium threat in advisories published by FortiGuard Labs.

For example, the blind SQL injection security flaw in FortiWeb can be exploited by an unauthenticated actor to execute arbitrary SQL queries or commands via web requests that have malicious SQL statements injected in the Authorization header.

That is possibly why it was assigned a Critical severity with a CVSS 3.1 score of 9.8 by the NVD, as opposed to a Medium (6.4) score reported by Fortinet.

BleepingComputer has observed similar scoring discrepancies for other Fortinet vulnerabilities as well.

Last year, as reported by BleepingComputer, hackers had posted a list of almost 50,000 Fortinet VPNs vulnerable to a years-old Path Traversal flaw.

Some of these VPNs were in active use by governments, telecoms, banks, and financial organizations around the world.

In the same week that this list was made public, another threat actor posted plain-text credentials for these 50,000 VPNs on hacker forums.


Fortinet customers are therefore advised to upgrade to fixed versions of their products as soon as possible to protect against such critical vulnerabilities.
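As an added example (not part of the article and not Fortinet tooling), the script below encodes the affected and fixed versions from the table above and reports which of the listed CVEs a given build is still exposed to, together with the nearest fixed release to move to. Builds passed to it in the test are constructed.

```python
"""Added example (not from the article): triage a Fortinet build against the
affected/fixed versions in the advisory table. Branches the table does not
list are treated as not affected, which is all the table supports."""
from typing import Dict, List, Optional

# Per CVE: highest affected build on each branch ("X and below") and the
# fixed releases, copied from the table above.
ADVISORIES: Dict[str, Dict[str, Dict[str, List[str]]]] = {
    "FortiProxy": {
        "CVE-2018-13381": {"affected": ["2.0.0", "1.2.8", "1.1.6", "1.0.7"],
                           "fixed": ["2.0.1", "1.2.9"]},
        "CVE-2018-13383": {"affected": ["2.0.0", "1.2.8", "1.1.6", "1.0.7"],
                           "fixed": ["2.0.1", "1.2.9"]},
    },
    "FortiWeb": {
        "CVE-2020-29015": {"affected": ["6.3.7", "6.2.3"], "fixed": ["6.3.8", "6.2.4"]},
        "CVE-2020-29016": {"affected": ["6.3.5", "6.2.3"], "fixed": ["6.3.6", "6.2.4"]},
        "CVE-2020-29018": {"affected": ["6.3.5"], "fixed": ["6.3.6"]},
        "CVE-2020-29019": {"affected": ["6.3.7", "6.2.3"], "fixed": ["6.3.8", "6.2.4"]},
    },
    "FortiDeceptor": {
        "CVE-2020-29017": {"affected": ["3.1.0", "3.0.1"],
                           "fixed": ["3.2.0", "3.1.1", "3.0.2"]},
    },
}

def parse_version(text: str) -> tuple:
    """'6.3.7' -> (6, 3, 7); anything other than dotted integers is rejected."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def exposed_cves(product: str, version: str) -> Dict[str, Optional[str]]:
    """Return {CVE: nearest fixed release} for every CVE the build is exposed to.

    Exposed means the build's major.minor branch has a listed ceiling and the
    build is at or below it. The upgrade target is the lowest fixed release
    above the build: the same branch when one exists, otherwise the next branch
    that carries a fix (FortiProxy 1.1.6 -> 1.2.9). None means no fix is listed.
    """
    ver = parse_version(version)
    result: Dict[str, Optional[str]] = {}
    for cve, data in ADVISORIES.get(product, {}).items():
        ceilings = [parse_version(v) for v in data["affected"]]
        if not any(ver[:2] == c[:2] and ver <= c for c in ceilings):
            continue
        targets = sorted(f for f in map(parse_version, data["fixed"]) if f > ver)
        result[cve] = ".".join(map(str, targets[0])) if targets else None
    return result
```

Running `exposed_cves("FortiWeb", "6.3.6")` shows a build that is patched against the two 6.3.5-and-below RCEs but still exposed to the SQL injection and DoS fixed in 6.3.8.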
