Multiple vulnerabilities in FortiWAN
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2021-32593 CVE-2021-26112 CVE-2021-26114 CVE-2021-32585 CVE-2021-26113 CVE-2021-24009 |
| CWE-ID | CWE-327 CWE-121 CWE-89 CWE-79 CWE-798 CWE-78 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
FortiWAN Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Fortinet, Inc |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU61904
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-32593
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to usage of a risky cryptographic algorithm in the Dynamic Tunnel Protocol of FortiWAN. A remote attacker can perform MitM attack.
Install updates from vendor's website.
Vulnerable software versionsFortiWAN: 4.5.0 - 4.5.8
CPE2.3- cpe:2.3:h:fortinet:fortiwan:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:h:fortinet:fortiwan:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:fortinet:fortiwan:4.5.2:*:*:*:*:*:*:*
https://fortiguard.fortinet.com/psirt/FG-IR-21-070
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Stack-based buffer overflow
EUVDB-ID: #VU61903
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-26112
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within network daemons and in the command line interpreter of FortiWAN. A remote unauthenticated attacker can send a specially crafted request toi the system, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortiWAN: 4.5.0 - 4.5.8
CPE2.3- cpe:2.3:h:fortinet:fortiwan:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:h:fortinet:fortiwan:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:fortinet:fortiwan:4.5.2:*:*:*:*:*:*:*
https://fortiguard.fortinet.com/psirt/FG-IR-21-065
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) SQL injection
EUVDB-ID: #VU61902
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-26114
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortiWAN: 4.5.0 - 4.5.8
CPE2.3- cpe:2.3:h:fortinet:fortiwan:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:h:fortinet:fortiwan:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:fortinet:fortiwan:4.5.2:*:*:*:*:*:*:*
https://fortiguard.fortinet.com/psirt/FG-IR-21-062
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Stored cross-site scripting
EUVDB-ID: #VU61901
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-32585
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortiWAN: 4.5.0 - 4.5.8
CPE2.3- cpe:2.3:h:fortinet:fortiwan:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:h:fortinet:fortiwan:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:fortinet:fortiwan:4.5.2:*:*:*:*:*:*:*
https://fortiguard.fortinet.com/psirt/FG-IR-21-078
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of hard-coded credentials
EUVDB-ID: #VU61900
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-26113
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to recover hashed passwords of other users.
The vulnerability exists due to usage of a hard-coded salt in FortiWAN. An attacker who has previously come in possession of the password file can recover victim's password.
Install updates from vendor's website.
Vulnerable software versionsFortiWAN: 4.5.0 - 4.5.8
CPE2.3- cpe:2.3:h:fortinet:fortiwan:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:h:fortinet:fortiwan:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:fortinet:fortiwan:4.5.2:*:*:*:*:*:*:*
https://fortiguard.fortinet.com/psirt/FG-IR-21-064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) OS Command Injection
EUVDB-ID: #VU61899
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-24009
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the FortiWAN Web GUI. A remote authenticated user can send a specially crafted HTTP request and execute arbitrary OS commands on the target system.
Install updates from vendor's website.
Vulnerable software versionsFortiWAN: 4.5.0 - 4.5.8
CPE2.3- cpe:2.3:h:fortinet:fortiwan:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:h:fortinet:fortiwan:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:fortinet:fortiwan:4.5.2:*:*:*:*:*:*:*
https://fortiguard.fortinet.com/psirt/FG-IR-21-060
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
