The Metasploit Framework just released a new version with an exploit for a FortiWeb zero-day vulnerability. If you like hacking tools or conducting security testing, you'll be delighted with this news.
This would give an adversary total access. There's also another vulnerability tied to that one which allows attackers to execute commands on the server. Fortinet deployed a patch for both vulnerabilities in version 8.0.2, however, attackers were exploiting the vulnerabilities before the patch was released.
This bug has been put to use by attackers, and as it is in Metasploit, it makes things easier for testers - and unfortunately, it also makes it easier for attackers.
2. Great for pentesting and learning
If you do red-team work or ethical hacking, this new module allows you to test real-life scenarios. You can see how your systems respond when someone tries to create fake admin accounts.
3. People using FortiWeb should update right away
If anyone uses FortiWeb at their organization, they should be upgrading to 8.0.2 or better as soon as possible. They should also check logs for odd new accounts with admin rights.
Were I running FortiWeb, I would conduct the update immediately and monitor for any new logins or admin changes.
What Is The FortiWeb Zero-Day?
FortiWeb is a web application firewall sold by Fortinet. There was a critical vulnerability, and we believe attackers were already exploiting it. Attackers could issue a specially crafted request to the device and create a new admin account without logging in.This would give an adversary total access. There's also another vulnerability tied to that one which allows attackers to execute commands on the server. Fortinet deployed a patch for both vulnerabilities in version 8.0.2, however, attackers were exploiting the vulnerabilities before the patch was released.
What's New In Metasploit?
The Metasploit team added a module for security testers to assess the vulnerablility of FortiWeb devices. The new module will:- Allow testers to create an admin account on a vulnerable FortiWeb device.
- Assist security teams in determining the importance of the issue.
- Provide testers on the red team with a practical method for testing these attacks.
Why This Update Is Important
1. This is a real, active threatThis bug has been put to use by attackers, and as it is in Metasploit, it makes things easier for testers - and unfortunately, it also makes it easier for attackers.
2. Great for pentesting and learning
If you do red-team work or ethical hacking, this new module allows you to test real-life scenarios. You can see how your systems respond when someone tries to create fake admin accounts.
3. People using FortiWeb should update right away
If anyone uses FortiWeb at their organization, they should be upgrading to 8.0.2 or better as soon as possible. They should also check logs for odd new accounts with admin rights.
My Simple Opinion
To be honest, I appreciate updates like this because they help testers gain more awareness of real issues, but they are also a reminder of the need to patch our systems rapidly.Were I running FortiWeb, I would conduct the update immediately and monitor for any new logins or admin changes.