"Fortinet Firewall Flaw Could Allow Hackers to Take Over a Device"
Fortinet's Web Application Firewall (WAF) platform FortiWeb contains an Operating System (OS) command injection vulnerability that could allow hackers to take over a device and run commands on it. According to researchers at Rapid7, the bug in FortiWeb's management interface could enable a remote, authenticated attacker to execute arbitrary commands on the system through the SAML server configuration page. The vulnerability impacts FortiWeb versions 6.3.11 and below. Once a hacker is authenticated to the FortiWeb device's management interface, they can smuggle commands into the "Name" field of the SAML server configuration page using backticks. These commands are then carried out as the root user of the underlying OS. Tod Beardsley, Director of Research at Rapid7, said that exploiting this vulnerability lets an attacker take complete control of the affected device with the highest privileges. With this control, they could install a persistent shell, cryptocurrency mining software, or other malware. Until a patch is released, users should make the FortiWeb device's management interface unreachable from untrusted networks. This article continues to discuss findings surrounding the Fortinet firewall vulnerability.
ITPro reports "Fortinet Firewall Flaw Could Allow Hackers to Take Over a Device"
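The bug class described above (a configuration field spliced into a shell command, so backticks become executable code) is shown below as an added, constructed illustration; it is not FortiWeb's code. The command name `saml-config`, the `saml_name="..."` audit-log format and the sample lines are hypothetical, and the functions contrast the vulnerable string-building pattern with an allowlisted argv form and a detection pass over audit lines.

```python
import re
from typing import List

# Allowlist for a SAML server name: letters, digits, dot, underscore, dash.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")
# Characters a POSIX shell would interpret inside an interpolated string:
# backticks, $( and ${ expansions, command separators, redirection, newlines.
SHELL_META = re.compile(r"`|\$[({]|[;|&<>\n]")

def validate_saml_name(name: str) -> bool:
    """Allowlist check applied before the name reaches any command."""
    return SAFE_NAME.fullmatch(name) is not None

def build_command_vulnerable(name: str) -> str:
    """Vulnerable pattern: the field is spliced into a single shell string.

    If this string is handed to a shell, anything inside backticks in the
    name is executed with the caller's privileges (root on the appliance).
    """
    return f"saml-config add --name {name}"  # hypothetical command

def build_command_hardened(name: str) -> List[str]:
    """Hardened pattern: validate, then pass an argv list (no shell parsing)."""
    if not validate_saml_name(name):
        raise ValueError(f"rejected SAML server name: {name!r}")
    # An argv list goes straight to an execve-style API; backticks are just bytes.
    return ["saml-config", "add", "--name", name]

def flag_suspicious_names(log_lines: List[str]) -> List[str]:
    """Detection: return audit lines whose SAML name carries shell metacharacters."""
    hits = []
    for line in log_lines:
        m = re.search(r'saml_name="([^"]*)"', line)
        if m and SHELL_META.search(m.group(1)):
            hits.append(line)
    return hits

# Constructed sample audit lines (hypothetical format, not real FortiWeb logs).
SAMPLE_LOG = [
    'cfg-change user=admin action=add saml_name="corp-idp"',
    'cfg-change user=admin action=add saml_name="idp`hostname`"',
    'cfg-change user=admin action=edit saml_name="idp$(date)"',
]

if __name__ == "__main__":
    for hit in flag_suspicious_names(SAMPLE_LOG):
        print("ALERT:", hit)
```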