Cybersecurity specialists report detecting at least three vulnerabilities in Fortigate, the web application firewall (WAF) developed by technology firm Fortinet. According to the report, successful exploitation of these flaws would allow the deployment of various malicious scenarios.  

Below are brief descriptions of reported flaws, in addition to their respective tracking keys and scores according to the Common Vulnerability Scoring System (CVSS).

CVE-2020-29015: Insufficient disinfection of user-provided data that is passed through the authorization header. An unauthenticated remote attacker can send a specially designed request to the affected application and execute arbitrary SQL commands within the application database.

This is a highly severe vulnerability and its exploitation would allow threat actors to read, modify and even delete the data in the affected application. The flaw received a score of 8.5/10.

CVE-2020-29016: A boundary flaw to process HTTP requests would allow unauthenticated threat actors to send requests with a large certificate name, trigger a stack-based buffer overflow, and perform arbitrary code execution on the target system.

This is a vulnerability considered critical that received a score of 8.5/10 on the CVSS scale.

CVE-2020-29019: A limit error processing HTTP cookies would allow remote authenticated users to send specially designed HTTP requests with poorly formed HTTP cookies and block the httpd daemon.

The vulnerability received a score of 5.7/10 and its execution would allow malicious hackers to deploy denial-of-service (DoS) attacks.

Flaws are present in the following versions of Fortinet FortiWeb: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7.

Although vulnerabilities could be exploited remotely by unauthenticated threat actors, cybersecurity experts have not detected active exploit attempts. Updates are now ready, so users in affected deployments should update as soon as possible.