Fortinet has released critical security patches for multiple versions of FortiWeb, addressing a high-severity SQL injection vulnerability found by researches at GMO Cybersecurity that could be exploited if left unpatched. If your organization uses FortiWeb for web application firewalling, now is the time to prioritize patching.
The vulnerability could have allowed attackers to send specially crafted web requests that trick FortiWeb into executing unauthorized SQL commands. Versions affected including
- Versions 7.6.0 – 7.6.3
- Versions 7.4.0 – 7.4.7
- Versions 7.2.0 – 7.2.10
- Versions 7.0.0 – 7.0.10
If you need more time to schedule your update, Fortinet has advised a temporary workaround in disabling the HTTP/HTTPS administrative interface until the patch can be applied. This can help reduce the potential attack surface in the meantime.
If using FortiWeb, review system access policies and don’t delay on checking your current version, and download and apply the latest patch
Check out Fortinet’s documentation or their official advisory on the new patch here.
Leave a Reply