Critical vulnerabilities in FortiClientEMS and other Fortinet products. Patch immediately

Cybersecurity specialists report the detection of multiple vulnerabilities in various Fortinet products, including FortiAnalyzer and FortiClientEMS. According to the report, the successful exploitation of these vulnerabilities would allow threat actors to deploy all kinds of attacks.

Below are brief descriptions of the reported flaws, in addition to their respective tracking keys and scores assigned by the Common Vulnerability Scoring System (CVSS).

CVE-2021-24021: Insufficient disinfection of user-provided data in FortiAnalyzer’s LogView column settings would allow remote threat actors to trick a target user into executing html code and arbitrary scripts in the context of a vulnerable website.

The vulnerability received a CVSS score of 5.3/10 and its successful exploitation would allow the deployment of cross-site scripting (XSS) attacks, cybersecurity experts say.

This flaw resides in the following versions of FortiAnalyzer: 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.4.0, 6.4.1, 6.4.2 and 6.4.3.

CVE-2021-36170: Excessive data output in FortiManager and FortiAnalyzer would allow local administrators to gain unauthorized access to sensitive information on the affected system.

This is a low severity flaw and received a CVSS score of 2.8/10. According to the report, the flaw lies in the following products and versions:

FortiManager: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5 and 6.4.6.

FortiAnalyzer: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6 and 7.0.0.

CVE-2021-24019: An insufficient session expiration error in FortiClientEMS would allow unauthenticated remote threat actors to reuse an administrator user’s session IDs to perform privilege escalation on the affected system.

This is a high severity flaw and received a CVSS score of 7.1/10.

The flaw exists in the following Versions of FortiClientEMS: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.6, 6.2.7, 6.2.8, 6.4.0, 6.4.1, and 6.4.2.

Cybersecurity experts say that all flaws are exploitable in real scenarios, although so far no cases of active exploitation have been detected. However, Fortinet recommends that users of affected deployments apply the necessary updates as soon as possible to fully mitigate the risk of exploitation.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.