Fortinet fixes vulnerabilities in firewall tools

Vendor advises users to apply updates as soon as possible

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Security firmFortinetsays it has fixed a series of vulnerabilities in its popular FortiWeb web applicationfirewallproduct.

The four vulnerabilities that were flagged by Positive Technologies’ security researcher Andrey Medov, presented several threats, including an SQL Injection and Buffer Overflow vulnerabilities.

Medov considers these two the “most dangerous” of the lot since they allowed attackers to remotely execute arbitrary SQL queries and intercept administrator accounts, adding that “their exploitation does not require authorization.”

Update to mitigate

Update to mitigate

The SQL injection vulnerability empowered the attacker to remotely execute arbitrary SQL queries by sending a malicious SQL command hidden inside a valid authorization header.

Two of the threats were buffer overflow vulnerabilities, one of which could be exploited to execute arbitrary code, while the other could be used for a Denial of Service (DoS) attack to crash the https daemon on the firewall.

The fourth was a format string vulnerability that allowed attackers to read the contents of the memory on the firewall for sensitive data, and even execute unauthorized code or commands.

Positive Technologies shared the fixes for all the four vulnerabilities with Fortinet and the company advises all its users to upgrade to the latest release to mitigate the vulnerabilities.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Professionals are facing “tech overload” as they try to juggle multiple devices in the workplace