Cybersecurity specialists have revealed the discovery of multiple vulnerabilities in Fortinet FortiADC; the severity of these failures varies, as well as potential exploitation scenarios.
Below is a brief profile of each of the discovered faults, with their respective Common Vulnerability Scoring System (CVSS) key.
CVE-2020-9286: This is an existing vulnerability in the affected product that exists due to inadequate access restriction, exploiting it would allow a remote threat actor to scale privileges on the target system and perform various tasks, such as restarting the device abruptly.
CVE-2020-6647: This flaw would allow remote attackers to perform cross-site scripting (XSS) attacks and exist due to insufficient disinfection of user input within the FortiADC dashboard. A remote hacker could trick a user into following a specially designed link and executes arbitrary HTML and script code in the context of an insecure website.
Successful exploitation of this vulnerability can allow a remote attacker to steal potentially sensitive information, change the appearance of a targeted website, perform phishing attacks, and drive-by-download.
The report mentions that the company has already received the report and began working immediately to correct security flaws. In the most recent update on the finding, Fortinet announced that security patches have already been released to users, so users of affected deployments are advised to update as soon as possible.
So far the finding of some malware variant to exploit these vulnerabilities has not been reported, although users should not forget to update their systems.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.