Fortinet has published new security advisories for vulnerabilities in FortiOS and FortiSandbox. The CVSSv3 scores range from 7.3 to 7.9, which places all of them in the "High" severity band, so IT security managers should schedule the updates without delay.
Fortinet's advisories describe each vulnerability, its affected versions and the possible consequences in detail; the key points are summarised below.
FortiOS – Improper authorization via the prof-admin profile (CVSSv3 7.4)
Problem: An improper authorization vulnerability [CWE-285] in the WEB-UI component of FortiOS could allow an authenticated attacker with the prof-admin profile to perform elevated actions.
Solution: FortiOS 7.4 is not affected. FortiOS 7.2.0 through 7.2.4 must be upgraded to 7.2.5 or above. FortiOS 7.0.0 through 7.0.11 must be upgraded to 7.0.12 or above.
FortiSandbox - Reflected Cross Site Scripting (XSS) on the File OnDemand rendering endpoint (CVSSv3 7.3)
Problem: Improper neutralization of input during web page generation (“cross-site scripting”) vulnerability [CWE-79] in FortiSandbox could allow an authenticated attacker to conduct a cross-site scripting attack via crafted HTTP requests.
Solution: FortiSandbox 2.4.1 through 3.2 must be migrated to a fixed release. FortiSandbox 4.0.0 through 4.0.3 must be upgraded to 4.0.4 or above. FortiSandbox 4.2.0 through 4.2.5 and 4.4.0 through 4.4.1 must be upgraded to 4.4.2 or above.
FortiSandbox – Arbitrary File Deletion (CVSSv3 7.9)
Problem: An improper limitation of a pathname to a restricted directory ("path traversal") vulnerability [CWE-22] in FortiSandbox could allow a low-privileged attacker to delete arbitrary files via crafted HTTP requests. Affected are all versions of FortiSandbox 2.4 through 3.2, versions 4.0.0 through 4.0.3, versions 4.2.0 through 4.2.5, and version 4.4.0.
Solution: The fixed releases are FortiSandbox 4.0.4, 4.2.6 and 4.4.2 or above; the 2.4 through 3.2 branches receive no fix and must be migrated. The updates are available for download.
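The advisory gives no details of the vulnerable endpoint, so the following is an added illustration of the CWE-22 pattern it describes, not FortiSandbox code: a delete handler that joins an attacker-controlled file name onto a storage directory without checking the result, next to a hardened version that canonicalises the path and refuses anything that resolves outside the directory. The directory names, file names and the `demo()` driver are constructed for the example.

```python
"""Path traversal in a file-deletion handler: vulnerable vs. hardened (added example)."""
from pathlib import Path
import tempfile


def delete_vulnerable(base: Path, name: str) -> bool:
    """Deletes base/<name> with no validation.

    '..' segments walk out of base, and an absolute name replaces base
    entirely when joined with pathlib, so any file the process can
    write is deletable.  Returns True if a file was removed.
    """
    target = base / name
    if target.exists():
        target.unlink()
        return True
    return False


def delete_hardened(base: Path, name: str) -> bool:
    """Deletes a file only if it is a regular file directly inside base.

    Both sides are canonicalised with resolve() so '..', symlinks and
    absolute names are compared on the real filesystem path rather than
    on the string.  Anything outside base raises ValueError.
    """
    if not name or "\x00" in name:
        raise ValueError("invalid file name")
    base_real = base.resolve()
    target = (base_real / name).resolve()
    try:
        target.relative_to(base_real)          # raises if target escaped base
    except ValueError:
        raise ValueError("path escapes storage directory") from None
    if target.parent != base_real:             # flat store: no sub-directories either
        raise ValueError("path escapes storage directory")
    if not target.is_file():
        return False
    target.unlink()
    return True


def demo() -> dict:
    """Builds a throwaway tree (constructed sample data) and exercises both handlers."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        uploads = root / "uploads"                 # the directory the handler is meant to manage
        uploads.mkdir()
        (uploads / "sample.bin").write_bytes(b"submitted sample")
        secret = root / "secret.conf"              # a file that must never be reachable
        secret.write_text("admin_token=example")

        # Vulnerable handler: '../secret.conf' walks out of uploads and deletes the file.
        results["vuln_deleted_secret"] = delete_vulnerable(uploads, "../secret.conf")
        results["secret_exists_after_vuln"] = secret.exists()

        secret.write_text("admin_token=example")   # restore for the second run

        # Hardened handler rejects the traversal and an absolute path, keeps legitimate deletes.
        results["hardened_rejects_traversal"] = _rejects(uploads, "../secret.conf")
        results["hardened_rejects_absolute"] = _rejects(uploads, str(secret))
        results["secret_exists_after_hardened"] = secret.exists()
        results["hardened_deletes_legit"] = delete_hardened(uploads, "sample.bin")
    return results


def _rejects(base: Path, name: str) -> bool:
    try:
        delete_hardened(base, name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `resolve()` step matters more than a `".."` substring check: encoded or doubled separators and symlinks inside the store can all defeat string matching, but they cannot defeat a comparison of canonical filesystem paths.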
FortiSandbox – XSS on the delete endpoint (CVSSv3 7.3)
Problem: Multiple improper neutralization of input during web page generation ("cross-site scripting") vulnerabilities [CWE-79] in FortiSandbox could allow an authenticated attacker to conduct a cross-site scripting attack via crafted HTTP requests.
Solution: FortiSandbox 2.4.1 through 3.2 must be migrated to a fixed release. FortiSandbox 4.0.0 through 4.0.3 must be upgraded to 4.0.4 or above. FortiSandbox 4.2.0 through 4.2.5 and 4.4.0 through 4.4.1 must be upgraded to 4.4.2 or above.
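Four advisories with overlapping but not identical version ranges are easy to misread in an inventory review, so here is an added helper, not Fortinet tooling, that encodes the affected ranges and fix targets exactly as stated in the four summaries above and reports which advisories apply to a given FortiOS or FortiSandbox build. The product and advisory labels, the `Affected` record and the `exposures()` function are names chosen for this example; a range end such as "3.2" is treated as the whole 3.2.x branch, and the 4.2 upgrade target for the two XSS advisories (4.4.2) is taken from the page as written.

```python
"""Check a FortiOS / FortiSandbox version against the advisories above (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Affected:
    low: str                  # first affected release, inclusive
    high: str                 # last affected release, or a branch like '3.2' meaning all 3.2.x
    fixed_in: Optional[str]   # None: no fixed release in that branch, migrate instead


def parse_version(text: str) -> Tuple[int, ...]:
    """'7.0.11' -> (7, 0, 11); raises ValueError for non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))


def _full(v: Tuple[int, ...]) -> Tuple[int, ...]:
    """Pad to three components so '7.2' and '7.2.0' compare equal."""
    return v + (0,) * (3 - len(v))


def in_range(version: str, rng: Affected) -> bool:
    v = _full(parse_version(version))
    low = _full(parse_version(rng.low))
    high = parse_version(rng.high)       # kept as a prefix: (3, 2) covers every 3.2.x
    return low <= v and v[: len(high)] <= high


# Ranges transcribed from the four advisory summaries on this page.
_SANDBOX_XSS = [
    Affected("2.4.1", "3.2", None),
    Affected("4.0.0", "4.0.3", "4.0.4"),
    Affected("4.2.0", "4.2.5", "4.4.2"),
    Affected("4.4.0", "4.4.1", "4.4.2"),
]

ADVISORIES = [
    ("FortiOS", "Improper authorization via prof-admin profile", 7.4, [
        Affected("7.2.0", "7.2.4", "7.2.5"),
        Affected("7.0.0", "7.0.11", "7.0.12"),
    ]),
    ("FortiSandbox", "Reflected XSS on File OnDemand rendering endpoint", 7.3, _SANDBOX_XSS),
    ("FortiSandbox", "Arbitrary file deletion via path traversal", 7.9, [
        Affected("2.4", "3.2", None),
        Affected("4.0.0", "4.0.3", "4.0.4"),
        Affected("4.2.0", "4.2.5", "4.2.6"),
        Affected("4.4.0", "4.4.0", "4.4.2"),
    ]),
    ("FortiSandbox", "Multiple XSS on delete endpoint", 7.3, _SANDBOX_XSS),
]


def exposures(product: str, version: str) -> List[dict]:
    """Return one entry per advisory that applies to this product/version."""
    hits = []
    for prod, title, cvss, ranges in ADVISORIES:
        if prod != product:
            continue
        for rng in ranges:
            if in_range(version, rng):
                hits.append({"advisory": title, "cvss": cvss, "fixed_in": rng.fixed_in})
                break
    return hits


def report(product: str, version: str) -> List[str]:
    """Human-readable lines for a ticket or change request."""
    hits = exposures(product, version)
    if not hits:
        return [f"{product} {version}: not affected by the advisories listed"]
    lines = [f"{product} {version}: affected by {len(hits)} advisory/advisories"]
    for h in hits:
        action = f"upgrade to {h['fixed_in']} or above" if h["fixed_in"] else "no fixed release in branch, migrate"
        lines.append(f"  - {h['advisory']} (CVSSv3 {h['cvss']}): {action}")
    return lines


if __name__ == "__main__":
    for prod, ver in [("FortiOS", "7.0.11"), ("FortiOS", "7.4.0"),
                      ("FortiSandbox", "4.4.0"), ("FortiSandbox", "3.2.7")]:
        print("\n".join(report(prod, ver)))
```

Note the asymmetry the table exposes: FortiSandbox 4.4.1 is still affected by both XSS advisories but not by the file-deletion one, and the 2.4 through 3.2 branches have no fixed release at all, which is the case an automated "is the patch installed" check tends to miss.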
Further security advisories, descriptions and the corresponding updates can be found at Fortinet.
About Fortinet
Fortinet (NASDAQ: FTNT) protects the most valuable resources of some of the largest companies, service providers and government agencies worldwide. We offer our customers complete visibility and control over the expanding attack surface as well as the ability to meet ever higher performance requirements now and in the future. Only the Fortinet Security Fabric platform can address the most critical security challenges and protect data across the entire digital infrastructure, whether in network, application, multi-cloud or edge environments. Fortinet is #1 in the number of security appliances shipped. More than 455,000 customers trust Fortinet to protect their brands. Both a technology company and a training company, the Fortinet Network Security Expert (NSE) Institute has one of the largest and most comprehensive cyber security training programs in the industry. More information at www.fortinet.de, in the Fortinet blog or at FortiGuard Labs.