The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
-
The Apache project released an advisory, describing the following vulnerabilities:
1) CVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the mod_lua
multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not
aware of an exploit for the vulnerabilty though it might be possible to craft one. This
issue affects Apache HTTP Server 2.4.51 and earlier.
2) CVE-2021-44224
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash
(NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations,
can allow for requests to be directed to a declared Unix Domain Socket endpoint
(Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
-
Apache Log4j =2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled (CVE-2021-44228).
See the Fortinet Blog for more more detail https://www.fortinet.com/blog/psirt-blogs/apache-log4j-vulnerability
-
An incorrect permission assignment for a critical resource vulnerability [CWE-732] in FortiNAC may allow an authenticated attacker to access sensitive system data and, as a consequence, raise the authenticated user's privilege to admin.
-
An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in FortiWLM may allow an authenticated attacker to perform a stored cross site scripting attack (XSS) via storing malicious payloads and trigger the attack on victim's client via various endpoints.
-
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiWLM may allow an unauthenticated user to taint database data and extract sensitive informations via crafted HTTP requests to alarm and device handlers.
-
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiWLM may allow an
authenticated user to perform an XSS attack via crafted HTTP GET requests.
-
A missing cryptographic steps vulnerability [CWE-325] in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox, FortiWeb, FortiADC, and FortiMail may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.
-
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy and FortiGate SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability.
-
A relative path traversal [CWE-23] vulnerabiltiy in FortiOS and FortiProxy may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.
-
An improper access control vulnerability [CWE-284] in FortiOS and FortiProxy autod daemon may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.