FortiADC Vulnerability Allows Low-Privileged Users to Gain Super-Admin Access

CVE: CVE-2023-26205
CVSS v3.1: 7.9
Source: CVE-2023-26205

FortiADC is Fortinet's application delivery controller, combining server load balancing with web application firewall functions. A recently disclosed vulnerability, CVE-2023-26205, allows an authenticated user holding only low privileges on the appliance to escalate to the super_admin profile, the highest administrative level FortiADC offers.

The flaw is an improper access control weakness in the automation feature of FortiADC 7.1.0 through 7.1.2 and every release of the 7.0, 6.2 and 6.1 branches. An attacker who already has a low-privileged account supplies a specially crafted configuration for a fabric automation CLI script; because the feature does not adequately check who is allowed to configure and run such scripts, the attacker's actions end up executing with super_admin rights. Note that this is a post-authentication issue: it does not give an unauthenticated remote attacker a foothold, but it turns any compromised or malicious low-privileged account into a full administrator.

Once escalated to super_admin, the attacker controls the whole appliance. That includes changing load-balancing and WAF policies, reading logs, extracting the TLS certificates and private keys the ADC terminates traffic with, creating further administrator accounts, and altering or disabling inspection of the traffic flowing through the device.

Administrators should upgrade affected FortiADC appliances to the fixed releases listed in Fortinet's PSIRT advisory for this CVE. Because exploitation requires an authenticated account, reducing who can log in matters as much as patching: keep the number of admin accounts small, restrict management access to a dedicated management network, and require multi-factor authentication where the deployment supports it. Monitor for privilege-escalation indicators such as unexpected changes to administrator profiles, new super_admin accounts, or modifications to automation scripts, and audit accounts and configuration regularly so that this class of abuse is caught even when a patch is not yet applied.
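The affected-version ranges above are awkward to check by hand across a fleet of appliances, so the following added example (not Fortinet tooling, and not code from the original article) turns them into an inventory check. The affected ranges are taken from the advisory text; the treatment of 7.1.x releases after 7.1.2 and of the 7.2 branch as "not affected" is an assumption to be confirmed against Fortinet's PSIRT advisory, and the `FortiADC-VM v7.1.2,build0248` status-line format, the hostnames and the versions in the sample inventory are constructed for this example.

```python
"""Triage FortiADC firmware versions against the CVE-2023-26205 affected ranges.

Added example, not Fortinet tooling. Ranges come from the advisory text:
7.1.0 through 7.1.2, and all releases of the 7.0, 6.2 and 6.1 branches.
ASSUMPTION: 7.1.x after 7.1.2 and 7.2+ are treated as not affected; confirm
the actual fixed builds against Fortinet's PSIRT advisory before relying on this.
"""
from __future__ import annotations

import re
from typing import NamedTuple


class Version(NamedTuple):
    major: int
    minor: int
    patch: int


# Matches a bare "7.1.2" as well as a status line like "FortiADC-VM v7.1.2,build0248"
# (the status-line format is an assumption for this example).
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract major.minor.patch from a version string; raise ValueError if absent."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return Version(*(int(g) for g in m.groups()))


# (branch, first affected, last affected). None for both bounds = entire branch affected.
AFFECTED_RANGES = (
    ((7, 1), Version(7, 1, 0), Version(7, 1, 2)),
    ((7, 0), None, None),
    ((6, 2), None, None),
    ((6, 1), None, None),
)
# The advisory does not assess branches older than 6.1; report them separately
# rather than silently calling them safe (they are likely out of support).
OLDEST_ASSESSED_BRANCH = (6, 1)


def assess(version_text: str) -> str:
    """Return 'affected', 'not_affected' or 'not_in_advisory' for one version string."""
    v = parse_version(version_text)
    branch = (v.major, v.minor)
    if branch < OLDEST_ASSESSED_BRANCH:
        return "not_in_advisory"
    for range_branch, lo, hi in AFFECTED_RANGES:
        if branch == range_branch:
            if lo is None or lo <= v <= hi:
                return "affected"
            return "not_affected"  # same branch but above the last affected build
    return "not_affected"  # 7.2 and newer branches (assumption, see module docstring)


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hostnames by status; versions that cannot be parsed are reported, not dropped."""
    buckets: dict[str, list[str]] = {
        "affected": [], "not_affected": [], "not_in_advisory": [], "unparseable": [],
    }
    for host, version_text in sorted(inventory.items()):
        try:
            buckets[assess(version_text)].append(host)
        except ValueError:
            buckets["unparseable"].append(host)
    return buckets


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "adc-dmz-01": "FortiADC-VM v7.1.2,build0248",
    "adc-dmz-02": "7.1.3",
    "adc-lab-01": "v7.0.4",
    "adc-legacy": "6.0.3",
    "adc-core-01": "v7.2.0",
    "adc-broken": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:16} {', '.join(hosts) or '-'}")
```

Feed `triage` the version strings collected from each appliance (for example from its status output) and act on the `affected` list first; `not_in_advisory` and `unparseable` entries deserve a manual look rather than being assumed safe.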
