
Rewterz Threat Advisory – Multiple Fortinet Security Vulnerabilities

Severity

High

Analysis Summary

CVE-2020-29011

Instances of SQL Injection vulnerabilities in FortiSandbox’s checksum search and MTA-quarantine modules may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.

CVE-2021-24010

Improper limitation of a pathname to a restricted directory (CWE-22) vulnerabilities in FortiSandbox may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.

CVE-2021-26096

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.

CVE-2021-24014

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters.

CVE-2021-32598

An improper neutralization of CRLF sequences in HTTP headers (‘HTTP Response Splitting’) vulnerability in the FortiManager and FortiAnalyzer GUI may allow an authenticated and remote attacker to perform an HTTP request splitting attack, which gives the attacker control of the remaining headers and body of the response.
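To make the CWE-113 class behind CVE-2021-32598 concrete, the following is an added example (not code from Rewterz or Fortinet, and unrelated to the FortiManager/FortiAnalyzer implementation): a generic redirect handler in its vulnerable and hardened forms, plus a minimal parser that behaves the way a browser or proxy does when it reads the response. All function names and the sample input are constructed for this illustration.

```python
import re

# Added example, not code from Rewterz or Fortinet: a generic redirect handler in its
# vulnerable and hardened forms, showing how an unneutralized CR/LF in a header value
# splits one response into attacker-shaped headers and body (CWE-113). All names and
# the sample input below are constructed for this illustration.

CRLF = "\r\n"
_HEADER_CTL = re.compile(r"[\r\n\x00]")


def _render(location: str) -> str:
    """Shared response template for a 302 redirect."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + location + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


def build_redirect_unsafe(location: str) -> str:
    """Vulnerable form: the caller-supplied value is spliced into the header unchecked."""
    return _render(location)


def build_redirect_safe(location: str) -> str:
    """Hardened form: refuse any CR, LF or NUL before the value reaches a header line."""
    if _HEADER_CTL.search(location):
        raise ValueError("control character in header value")
    return _render(location)


def parse_response(raw: str):
    """Minimal parser mirroring a client or proxy: headers end at the first blank
    line, and everything after it is treated as the body."""
    head, _, body = raw.partition(CRLF + CRLF)
    status_line, *header_lines = head.split(CRLF)
    headers = [tuple(line.split(": ", 1)) for line in header_lines]
    return status_line, headers, body


# Constructed sample: a redirect target carrying an embedded CRLF sequence.
TAINTED_LOCATION = (
    "/home" + CRLF + "X-Injected: yes" + CRLF + CRLF + "<html>injected</html>"
)


def demo():
    """Returns (attacker header present?, body seen by the client, safe builder rejected?)."""
    _, headers, body = parse_response(build_redirect_unsafe(TAINTED_LOCATION))
    injected = ("X-Injected", "yes") in headers
    try:
        build_redirect_safe(TAINTED_LOCATION)
        rejected = False
    except ValueError:
        rejected = True
    return injected, body, rejected


if __name__ == "__main__":
    injected, body, rejected = demo()
    print("unsafe builder: attacker-controlled header present:", injected)
    print("unsafe builder: body now starts with:", repr(body[:30]))
    print("safe builder rejected the value:", rejected)
```

With the unsafe builder, the server's own `Content-Length: 0` header ends up inside the body, which is exactly the "control of the remaining headers and body" the advisory describes. The hardened form rejects rather than strips, so a tainted value fails loudly and can be logged; this is the same policy Python's `http.client` applies when `putheader` raises `ValueError` on a CR/LF in a header value.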

CVE-2021-26104

Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager, FortiAnalyzer, and FortiPortal may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.

CVE-2021-32588

A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.

CVE-2021-32587

An improper access control vulnerability in the FortiManager and FortiAnalyzer GUI interface may allow a remote and authenticated attacker with a restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.

CVE-2021-26097

An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.

CVE-2021-24006

An improper access control vulnerability in FortiManager may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.

Impact

  • Code Execution
  • Privilege Escalation
  • Cross-site Scripting

Affected Vendors

Fortinet

Affected Products

  • FortiSandbox version 3.2.2 and earlier
  • FortiSandbox version 3.1.4 and earlier
  • FortiManager 7.0.0
  • FortiManager 6.4.x
  • FortiAnalyzer versions 6.4.5 and below
  • FortiAnalyzer 5.6.x
  • FortiPortal version 5.3.5 and below
  • FortiPortal 5.0.x
  • FortiPortal 5.1.x
  • FortiManager versions 6.2 and below are NOT impacted

Remediation

For CVE-2020-29011: https://www.fortiguard.com/psirt/FG-IR-20-171

FortiSandbox

  • Upgrade to FortiSandbox version 3.2.2 or later.
  • Upgrade to FortiSandbox version 3.1.5 or later.
  • Upgrade to FortiSandbox version 4.0.0 or above.
  • Upgrade to FortiSandbox version 3.2.3 or above.
  • Upgrade to FortiSandbox version 3.0.7 or above.

FortiManager

  • Upgrade to FortiManager version 7.0.1 or above.
  • Upgrade to FortiManager version 7.0.0 or above.
  • Upgrade to FortiManager version 6.4.6 or above.
  • Upgrade to FortiManager version 6.4.4 or above.
  • Upgrade to FortiManager version 6.2.8 or above.

FortiAnalyzer

  • Upgrade to FortiAnalyzer version 7.0.1 or above.
  • Upgrade to FortiAnalyzer version 7.0.0 or above.
  • Upgrade to FortiAnalyzer version 6.4.6 or above.
  • Upgrade to FortiAnalyzer version 6.2.8 or above.

FortiPortal

  • Upgrade to FortiPortal version 6.0.5 or above.
  • Upgrade to FortiPortal version 5.3.6 or above.
  • Upgrade to FortiPortal version 5.2.6 or above.
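Because the remediation lines above name several fixed releases per product, checking an inventory against them by hand is error-prone. The following added example (not code from Rewterz or Fortinet) encodes, per major.minor branch, the highest fixed release this advisory names and decides for each running version whether it already satisfies every "or above" line. Assumptions: where the advisory lists two fixes on one branch (FortiManager 6.4.4 and 6.4.6, FortiSandbox 3.2.2 and 3.2.3) the higher one satisfies both; the hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import NamedTuple, Optional

# Added example, not code from Rewterz or Fortinet. FIXED_RELEASES holds, per product
# branch (major.minor), the highest fixed release the advisory's Remediation section
# names. Assumption: where two fixes are listed on one branch, the higher satisfies both.
FIXED_RELEASES = {
    "FortiSandbox": ("3.0.7", "3.1.5", "3.2.3", "4.0.0"),
    "FortiManager": ("6.2.8", "6.4.6", "7.0.1"),
    "FortiAnalyzer": ("6.2.8", "6.4.6", "7.0.1"),
    "FortiPortal": ("5.2.6", "5.3.6", "6.0.5"),
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> tuple:
    """'v6.4.5' -> (6, 4, 5); anything else is rejected rather than guessed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


class Verdict(NamedTuple):
    product: str
    running: str
    status: str                # "patched", "vulnerable" or "unknown-branch"
    upgrade_to: Optional[str]  # lowest release that satisfies the advisory, if known


def assess(product: str, running: str) -> Verdict:
    """Decide whether one running release satisfies the advisory's upgrade lines."""
    if product not in FIXED_RELEASES:
        raise KeyError(f"{product!r} is not covered by this advisory")
    cur = parse_version(running)
    fixed = sorted(FIXED_RELEASES[product], key=parse_version)

    # 1. Same major.minor branch as a listed fix: compare within the branch.
    for rel in fixed:
        fv = parse_version(rel)
        if fv[:2] == cur[:2]:
            if cur >= fv:
                return Verdict(product, running, "patched", None)
            return Verdict(product, running, "vulnerable", rel)
    # 2. Newer than every listed fix: covered by the advisory's "or above".
    if cur > parse_version(fixed[-1]):
        return Verdict(product, running, "patched", None)
    # 3. Older than every listed fix (e.g. a 5.6.x FortiAnalyzer): the only route
    #    the advisory gives is moving up to the lowest fixed release.
    if cur < parse_version(fixed[0]):
        return Verdict(product, running, "vulnerable", fixed[0])
    # 4. A branch between listed ones that the advisory does not mention: flag it
    #    for manual review against the vendor PSIRT page instead of guessing.
    return Verdict(product, running, "unknown-branch", None)


def assess_inventory(inventory):
    """inventory: iterable of (hostname, product, version) rows."""
    return [(host, assess(product, version)) for host, product, version in inventory]


# Constructed sample inventory (hostnames and versions invented for this example).
SAMPLE_INVENTORY = [
    ("fsa-01", "FortiSandbox", "3.2.2"),
    ("fmg-01", "FortiManager", "6.4.6"),
    ("faz-01", "FortiAnalyzer", "5.6.11"),
    ("fpc-01", "FortiPortal", "v6.0.5"),
]

if __name__ == "__main__":
    for host, v in assess_inventory(SAMPLE_INVENTORY):
        target = f" -> upgrade to {v.upgrade_to}" if v.upgrade_to else ""
        print(f"{host}: {v.product} {v.running}: {v.status}{target}")
```

The checker applies the union of all listed fixes conservatively: it does not try to decide which individual CVE applies to a given branch (the advisory itself notes that FortiManager 6.2 and below is not impacted by at least one of the issues), so a result of "vulnerable" means "does not yet meet every upgrade line", and the per-CVE detail belongs to the linked Fortinet PSIRT pages.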