Detections
Analytics

Fortinet FortiWeb < 5.3.5 Multiple Vulnerabilities

medium Nessus Plugin ID 83031

Language:

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The remote host running a version of FortiWeb prior to 5.3.5. It is, therefore, affected by multiple vulnerabilities :

 - A command injection vulnerability exists due to a flaw that occurs when an administrator is executing reports.
 An authenticated, remote attacker can exploit this to execute arbitrary system commands.

 - A cross-site scripting vulnerability exists due to improper sanitization of a parameter in the auto update service page. A remote, authenticated attacker can exploit this to execute arbitrary script code in a user's browser session. Note that this vulnerability only affects the 5.x version branch.

 - A security bypass vulnerability exists due to the the password field for the FTP backup page having HTML form autocomplete enabled. A local attacker can exploit this to bypass FortiWeb's authentication.

Solution

Upgrade to Fortinet FortiWeb 5.3.5 or later. Alternatively, apply the workaround as referenced in the vendor advisory.

See Also

https://fortiguard.com/psirt/FG-IR-15-010

Plugin Details

Severity: Medium

ID: 83031

File Name: fortiweb_FG-IR-15-010.nasl

Version: 1.8

Type: local

Family: CGI abuses

Published: 4/23/2015

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:fortinet:fortiweb

Required KB Items: Host/Fortigate/model, Host/Fortigate/version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/16/2015

Vulnerability Publication Date: 4/16/2015

Reference Information

BID: 74195