| This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. |
| A vulnerability has been discovered FortiWeb, which could allow for remote code execution. FortiWeb is a web application firewall (WAF) developed by Fortinet. It’s designed to protect web applications and APIs from a wide range of attacks, including those targeting known vulnerabilities and zero-day exploits. Successful exploitation of this vulnerability could allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. |
| Threat Intelligence |
| Fortinet has observed this to be exploited in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) also added the vulnerability to the Known Exploited Vulnerabilities (KEV) Catalog. |
| Systems Affected |
| FortiWeb versions 8.0.0 through 8.0.1 FortiWeb versions 7.6.0 through 7.6.4 FortiWeb versions 7.4.0through 7.4.9 FortiWeb versions 7.2.0 through 7.2.11 FortiWeb versions 7.0.0 through 7.0.11 |
| Risk |
| Government: – Large and medium government entities: High – Small government entities: Medium |
| Businesses: – Large and medium business entities: High – Small business entities: Medium |
| Home Users: Low |
| Recommendations |
| Apply appropriate updates provided by Fortiguard to vulnerable systems immediately after appropriate testing. Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. Use vulnerability scanning to find potentially exploitable software vulnerabilities to remediate them. Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems. Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. |
| References |