CVE-2020-29015

Name of the Vulnerable Software and Affected Versions FortiWeb versions 6.3.0 through 6.3.7 FortiWeb versions prior to 6.2.4 FortiWeb versions 6.3.11 and earlier

Description A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement. The vulnerability is related to the lack of protection of the SQL query structure. Rapid7 revealed that this vulnerability grants complete control over the affected device.

Recommendations For FortiWeb versions 6.3.0 through 6.3.7, consider disabling the Authorization header until a patch is available. For FortiWeb versions prior to 6.2.4, restrict access to the user interface to minimize the risk of exploitation. For FortiWeb versions 6.3.11 and earlier, avoid using the Authorization header in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.