Multiple vulnerabilities in Fortinet FortiAnalyzer



Published: 2022-06-07
Risk High
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2020-13927
CVE-2020-11982
CVE-2020-11981
CVE-2021-35936
CVE-2021-28359
CVE-2020-13944
CVE-2020-17515
CVE-2021-23336
CVE-2020-17526
CVE-2020-17513
CWE-ID CWE-287
CWE-453
CWE-78
CWE-200
CWE-79
CWE-20
CWE-798
CWE-918
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Vulnerable software
Subscribe
FortiAnalyzer
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor Fortinet, Inc

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Improper Authentication

EUVDB-ID: #VU64047

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-13927

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to default setting for Airflow's Experimental API allow all API requests to be performed without authentication. A remote non-authenticated attacker can perform arbitrary API actions and eventually compromise the affected system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

FortiAnalyzer: 7.0.0 - 7.0.2, 6.4.0 - 6.4.7


CPE2.3 External links

http://fortiguard.fortinet.com/psirt/FG-IR-22-008

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Insecure Default Variable Initialization

EUVDB-ID: #VU31686

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-11982

CWE-ID: CWE-453 - Insecure Default Variable Initialization

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the affected software, by default, initializes an internal variable with an insecure or less secure value than is possible. A remote authenticated attacker who can connect to the broker (Redis, RabbitMQ) directly can pass specially crafted data to the application and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

FortiAnalyzer: 7.0.0 - 7.0.2, 6.4.0 - 6.4.7


CPE2.3 External links

http://fortiguard.fortinet.com/psirt/FG-IR-22-008

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) OS Command Injection

EUVDB-ID: #VU31685

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-11981

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the "celery" executor. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

FortiAnalyzer: 7.0.0 - 7.0.2, 6.4.0 - 6.4.7


CPE2.3 External links

http://fortiguard.fortinet.com/psirt/FG-IR-22-008

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Information disclosure

EUVDB-ID: #VU56194

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35936

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

FortiAnalyzer: 7.0.0 - 7.0.2, 6.4.0 - 6.4.7


CPE2.3 External links

http://fortiguard.fortinet.com/psirt/FG-IR-22-008

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Cross-site scripting

EUVDB-ID: #VU52840

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-28359

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the "origin" parameter. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

FortiAnalyzer: 7.0.0 - 7.0.2, 6.4.0 - 6.4.7


CPE2.3 External links

http://fortiguard.fortinet.com/psirt/FG-IR-22-008

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Cross-site scripting

EUVDB-ID: #VU46772

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-13944

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "origin" parameter to several URLs, such as "/tigger" URL. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

FortiAnalyzer: 7.0.0 - 7.0.2, 6.4.0 - 6.4.7


CPE2.3 External links

http://fortiguard.fortinet.com/psirt/FG-IR-22-008

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Cross-site scripting

EUVDB-ID: #VU48934

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-17515

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note, this vulnerability exists due to incomplete fix for previous issue #VU46772.

Mitigation

Install update from vendor's website.

Vulnerable software versions

FortiAnalyzer: 7.0.0 - 7.0.2, 6.4.0 - 6.4.7


CPE2.3 External links

http://fortiguard.fortinet.com/psirt/FG-IR-22-008

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Input validation error

EUVDB-ID: #VU50814

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-23336

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform web cache spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in django.utils.http.limited_parse_qsl() when parsing strings with a semicolon (";"). A remote attacker can pass specially crafted data to the application and perform a spoofing attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

FortiAnalyzer: 7.0.0 - 7.0.2, 6.4.0 - 6.4.7


CPE2.3 External links

http://fortiguard.fortinet.com/psirt/FG-IR-22-008

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Use of hard-coded credentials

EUVDB-ID: #VU49123

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-17526

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain full access to vulnerable application.

The vulnerability exists due to Apache Airflow relies on session management based on the default [webserver] secret_key value. A remote attacker, who successfully authenticated at one website can re-use the same session to authenticate on another unrelated website, if both web servers are configured with the default [webserver] secret_key value.

Mitigation

Install update from vendor's website.

Vulnerable software versions

FortiAnalyzer: 7.0.0 - 7.0.2, 6.4.0 - 6.4.7


CPE2.3 External links

http://fortiguard.fortinet.com/psirt/FG-IR-22-008

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU48936

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-17513

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

FortiAnalyzer: 7.0.0 - 7.0.2, 6.4.0 - 6.4.7


CPE2.3 External links

http://fortiguard.fortinet.com/psirt/FG-IR-22-008

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###