SB2022040534 - Multiple vulnerabilities in FortiWAN

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2021-32593)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to usage of a risky cryptographic algorithm in the Dynamic Tunnel Protocol of FortiWAN. A remote attacker can perform MitM attack.

2) Stack-based buffer overflow (CVE-ID: CVE-2021-26112)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within network daemons and in the command line interpreter of FortiWAN. A remote unauthenticated attacker can send a specially crafted request toi the system, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) SQL injection (CVE-ID: CVE-2021-26114)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

4) Stored cross-site scripting (CVE-ID: CVE-2021-32585)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

5) Use of hard-coded credentials (CVE-ID: CVE-2021-26113)

The vulnerability allows a remote attacker to recover hashed passwords of other users.

The vulnerability exists due to usage of a hard-coded salt in FortiWAN. An attacker who has previously come in possession of the password file can recover victim's password.

6) OS Command Injection (CVE-ID: CVE-2021-24009)

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the FortiWAN Web GUI. A remote authenticated user can send a specially crafted HTTP request and execute arbitrary OS commands on the target system.

Remediation

Install update from vendor's website.

References

• https://fortiguard.fortinet.com/psirt/FG-IR-21-070
• https://fortiguard.fortinet.com/psirt/FG-IR-21-065
• https://fortiguard.fortinet.com/psirt/FG-IR-21-062
• https://fortiguard.fortinet.com/psirt/FG-IR-21-078
• https://fortiguard.fortinet.com/psirt/FG-IR-21-064
• https://fortiguard.fortinet.com/psirt/FG-IR-21-060