AL2021_12 Fortinet Security (27th April 2021)

Description

Fortinet has released a security advisory on 27th April 2021 addressing a vulnerability in FortiWAN version 4.5.7 and prior.

Summary
The vulnerability is a relative path traversal weakness (CWE-23) in FortiWAN that results in an authentication bypass. A remote, unauthenticated attacker may be able to delete system files by sending a crafted HTTP POST request containing directory traversal sequences. Deleting specific configuration files can cause the administrator account password to be reset to a default value.
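The summary above describes two things a defender cares about: how relative path traversal (CWE-23) shows up in an HTTP request, and what a server-side check should do to refuse it. The following Python script is an added example, not code from Fortinet or from this alert: it scans constructed access-log lines (the endpoint paths and file names in them are placeholders, not FortiWAN endpoints) for POST requests carrying traversal sequences, including percent-encoded and double-encoded forms, and it shows a canonicalisation guard that rejects any user-supplied path that escapes a base directory.

```python
import re
import urllib.parse
from pathlib import Path

# Constructed sample access-log lines in Common Log Format. The IPs are
# documentation addresses and the paths are placeholders, not real endpoints.
SAMPLE_LOG = """\
203.0.113.5 - - [27/Apr/2021:10:01:02 +0000] "POST /api/upload HTTP/1.1" 200 512
203.0.113.7 - - [27/Apr/2021:10:01:09 +0000] "POST /api/delete?file=../../../etc/config.db HTTP/1.1" 200 12
203.0.113.9 - - [27/Apr/2021:10:02:30 +0000] "POST /api/delete?file=%2e%2e%2f%2e%2e%2fsystem.cfg HTTP/1.1" 200 12
203.0.113.9 - - [27/Apr/2021:10:02:31 +0000] "GET /static/logo.png HTTP/1.1" 200 4096
203.0.113.11 - - [27/Apr/2021:10:03:00 +0000] "POST /api/delete?file=%252e%252e/admin.cfg HTTP/1.1" 200 12
"""

# Minimal Common Log Format parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences such as %252e are exposed."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(target):
    """True if any path or query-value segment is '..' once decoding is complete."""
    decoded = fully_decode(target).replace("\\", "/")
    return any(segment == ".." for segment in re.split(r"[/?&=]", decoded))


def find_traversal_posts(log_text):
    """Return (ip, target) for every POST whose request target carries a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if match is None:
            continue
        if match["method"] == "POST" and has_traversal(match["target"]):
            hits.append((match["ip"], match["target"]))
    return hits


def resolve_within(base_dir, user_path):
    """Server-side guard for CWE-23: resolve user_path under base_dir and refuse
    anything that escapes it. Returns the resolved Path, or None when rejected."""
    base = Path(base_dir).resolve()
    # Strip a leading slash so an absolute path cannot discard base_dir entirely.
    candidate = (base / fully_decode(user_path).lstrip("/\\")).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


if __name__ == "__main__":
    for ip, target in find_traversal_posts(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target}")
    print(resolve_within("/srv/app/data", "reports/q1.csv"))
    print(resolve_within("/srv/app/data", "../../../etc/passwd"))
```

Running the script flags the three POST lines whose file parameter decodes to a `..` segment (the plain, single-encoded and double-encoded cases) and leaves the benign upload and the GET untouched. The `resolve_within` guard is the shape of check a file-handling endpoint should apply before any delete or read: canonicalise first, then compare against the base directory, rather than searching the raw string for `..`.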

Products Affected

  • FortiWAN version 4.5.7 and prior

Solutions

  • It is recommended that you upgrade FortiWAN to the upcoming version 4.5.8 or above, or to version 5.1.1 or above.
  • Restrict administrative access from any source to local host only.

For further information on this vulnerability, see the URL below:

https://www.fortiguard.com/psirt/FG-IR-21-048

The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.

References

  • Fortinet Security Advisory (27th April 2021). Retrieved from Canadian Centre for Cyber Security:
    https://cyber.gc.ca/en/alerts/fortinet-security-advisory-7

  • Authentication bypass in FortiWAN (28th April 2021). Retrieved from CyberSecurityHelp:
    https://www.cybersecurity-help.cz/vdb/SB2021042805