Severity
Medium
Analysis Summary
CVE-2021-42756 CVSS:9.8
Fortinet FortiWeb is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the proxy daemon. By sending a specially-crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2021-42761 CVSS:9
Fortinet FortiWeb could allow a remote attacker to hijack a user’s session, caused by a session fixation vulnerability. An attacker could exploit this vulnerability using session cookie to gain access to another user’s session.
CVE-2023-25602 CVSS:7.8
Fortinet FortiWeb is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By using specially-crafted command arguments, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2022-30299 CVSS:5.3
Fortinet FortiWeb could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted request containing “dot dot” sequences (/../) to retrieve specific parts of files from the underlying file system.
CVE-2022-30300 CVSS:6.5
Fortinet FortiWeb could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted HTTP GET request containing “dot dot” sequences (/../) to access files and data on the system.
CVE-2022-30303 CVSS:8.8
Fortinet FortiWeb could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an OS command injection vulnerability. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system with root privileges.
CVE-2021-43074 CVSS:4.3
Fortinet products could allow a remote authenticated attacker to obtain sensitive information, caused by improper verification of cryptographic signatures. By intercepting a session management cookie, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2022-30304 CVSS:4.3
Fortinet FortiAnalyzer is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the FortiWeb attack event logview. A remote attacker could exploit this vulnerability using the URL parameter to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-33869 CVSS:8.8
Fortinet FortiWAN could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an OS command injection vulnerability in the management interface. By sending specially-crafted arguments to existing commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2022-33871 CVSS:6.6
Fortinet FortiWeb is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By using specially-crafted CLI execute backup-local rename and execute backup-local show operations, a remote authenticated attacker could overflow a buffer and execute arbitrary code or commands on the system.
CVE-2023-23778 CVSS:4.9
Fortinet FortiWeb could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to access to files and data on the system.
CVE-2023-23779 CVSS:6.8
Fortinet FortiWeb could allow a remote authenticated attacker within the local network to execute arbitrary commands on the system, caused by an OS command injection vulnerability. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-23780 CVSS:8
Fortinet FortiWeb is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By sending a specially-crafted HTTP request, a remote authenticated attacker within the local network could overflow a buffer and execute arbitrary code on the system with elevated privileges.
CVE-2023-23781 CVSS:6.4
Fortinet FortiWeb is vulnerable to a stack-based buffer overflow, caused by improper bounds checking in the SAML server configuration. By using a specially-crafted XML file, a remote authenticated attacker within the local network could overflow a buffer and execute arbitrary code on the system.
CVE-2023-23782 CVSS:7.8
Fortinet FortiWeb is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in the command line interpreter. By sending specially-crafted arguments to existing commands, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2023-23783 CVSS:6.7
Fortinet FortiWeb could allow a local authenticated attacker to execute arbitrary code on the system, caused by a format string vulnerability in the command line interpreter. By sending specially-crafted command arguments, an attacker could exploit this vulnerability to execute arbitrary code or commands on the system.
CVE-2022-42472 CVSS:4.2
Fortinet FortiProxy and FortiOS are vulnerable to HTTP response splitting attacks, caused by a CRLF injection vulnerability. A remote authenticated attacker could exploit this vulnerability to inject a CRLF character sequence and cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as cache poisoning, cross-site scripting, session hijacking, and possibly obtain sensitive information.
CVE-2023-23784 CVSS:5.7
Fortinet FortiWeb could allow a remote authenticated attacker within the local network to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the underlying filesystem.
Impact
- Information Disclosure
- Buffer Overflow
- Command Execution
- Unauthorized Access
- Cross-Site Scripting
Indicators Of Compromise
CVE
CVE-2021-42756
CVE-2021-42761
CVE-2023-25602
CVE-2022-30299
CVE-2022-30300
CVE-2022-30303
CVE-2021-43074
CVE-2022-30304
CVE-2022-33869
CVE-2022-33871
CVE-2023-23778
CVE-2023-23779
CVE-2023-23780
CVE-2023-23781
CVE-2023-23782
CVE-2023-23783
CVE-2022-42472
CVE-2023-23784
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiWeb 6.2.5
- Fortinet FortiWeb 6.3.15
- Fortinet FortiWeb 6.4.1
- Fortinet FortiOS 7.0.0
- Fortinet FortiProxy 7.0.0
- Fortinet FortiOS 7.0.3
- Fortinet FortiProxy 7.0.1
- Fortinet FortiOS 7.2.0
- Fortinet FortiAnalyzer 6.4.4
- Fortinet FortiProxy 2.0.0
- Fortinet FortiProxy 1.2.0
- Fortinet FortiProxy 2.0.10
- Fortinet FortiWeb 6.2.6
- Fortinet FortiWeb 6.0.7
- Fortinet FortiWeb 6.3.16
- Fortinet FortiWeb 6.4
- Fortinet FortiWeb 6.3.11
- Fortinet FortiWeb 7.0.0
- Fortinet FortiWeb 6.4.2
- Fortinet FortiWeb 6.3.6
- Fortinet FortiProxy 1.1
- Fortinet FortiProxy 1.0
- Fortinet FortiWeb 6.0
- Fortinet FortiWeb 6.1
- Fortinet FortiOS 6.4.8
- Fortinet FortiProxy 2.0.7
- Fortinet FortiOS 6.2
- Fortinet FortiOS 6.0
- Fortinet FortiWeb 6.2
- Fortinet FortiSwitch 7.0.3
- Fortinet FortiSwitch 6.4.10
- Fortinet FortiSwitch 6.2
- Fortinet FortiSwitch 6.0
- Fortinet FortiAnalyzer 6.0.6
- Fortinet FortiWAN 4.5.8
- Fortinet FortiWAN 4.5.7
- Fortinet FortiOS 7.0.8
- Fortinet FortiOS 7.2.2
- Fortinet FortiProxy 7.0.7
- Fortinet FortiProxy 7.2.0
- Fortinet FortiProxy 7.2.1
- Fortinet FortiWeb 7.0.2
- Fortinet FortiWeb 6.1.2
Remediation
Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.