Experts from the Vulnerability Lab have identified a number of security holes in FortiGate UTM appliances found on the US Army's 2012 Information Assurance Approved Products List (IA APL). Fortunately, the company has addressed the vulnerabilities to ensure that its customers are protected.
The first flaws – multiple cross-site scripting (XSS) issues – were found to affect UTM firewall appliance applications such as the FortiGate-5000 Series, FortiGate-3950 Series and FortiGate-3810A.
Identified back in May, the medium-severity flaws could have been leveraged by a remote attacker to hijack customer and administrator sessions, manipulate website content on the client side, and mount phishing campaigns.
The second set of bugs – multiple persistent web vulnerabilities – affected the same FortiGate UTM appliance applications.
They allowed a remote attacker to persistently inject their own malicious script code in order to manipulate specific customer and administrator requests.
“Successful exploitation results in content module request manipulation, execution of persistent malicious script code, session hijacking, account steal & persistent phishing,” the researchers explained.