Rewterz Threat Advisory – Multiple Fortinet Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-43075

Fortinet FortiWLM could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted HTTP request to the alarm dashboard and controller config handlers, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2021-43070 

Fortinet FortiWLM could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the management interface containing “dot dot” sequences (/../) to retrieve arbitrary files from the underlying filesystem.

CVE-2021-44166 

Fortinet FortiToken Mobile (Android) could allow a remote authenticated attacker to bypass security restrictions, caused by an improper access control vulnerability. By sending a specially-crafted request, an attacker could exploit this vulnerability to access the protected system during the 2FA procedure.

CVE-2021-43077 

Fortinet FortiWLM is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted HTTP requests to the AP monitor handlers, which could allow the attacker to view, add, modify or delete information in the back-end database.

Impact

• Command Execution
• Information Disclosure
• Security Bypass
• Data Manipulation

Indicators of Compromise

CVE

• CVE-2021-43075
• CVE-2021-43070
• CVE-2021-44166
• CVE-2021-43077

Affected Vendors

Fortinet

Affected Products

• Fortinet FortiWLM 8.6.2
• Fortinet FortiWLM 8.5.2
• Fortinet FortiWLM 8.4.2
• Fortinet FortiWLM 8.3.3
• Fortinet FortiToken Mobile (Android) 5.1.0

Remediation

Refer to FortiGuard Advisory for patch, upgrade, or suggested workaround information. 

CVE-2021-43075

https://www.fortiguard.com/psirt/FG-IR-21-128

CVE-2021-43070

https://www.fortiguard.com/psirt/FG-IR-21-106

CVE-2021-44166

https://www.fortiguard.com/psirt/FG-IR-21-210

CVE-2021-43077

https://www.fortiguard.com/psirt/FG-IR-21-189