Login Sign Up

CVE-2020-29015

9.8 CRITICAL
SQL Injection

📋 TL;DR

This CVE describes a blind SQL injection vulnerability in FortiWeb's user interface that allows unauthenticated remote attackers to execute arbitrary SQL queries or commands. Attackers can exploit this by sending crafted requests with malicious SQL statements in the Authorization header. Organizations running affected FortiWeb versions are vulnerable.

💻 Affected Systems

Products:
  • FortiWeb
Versions: 6.3.0 through 6.3.7 and versions before 6.2.4
Operating Systems: FortiWeb OS
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations of affected versions are vulnerable if the web management interface is accessible.

📦 What is this software?

Fortiweb by Fortinet

View all CVEs affecting Fortiweb →

Fortiweb by Fortinet

View all CVEs affecting Fortiweb →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the FortiWeb device, allowing attackers to execute arbitrary commands, steal sensitive data, modify configurations, and pivot to internal networks.

🟠

Likely Case

Data exfiltration from the FortiWeb database, configuration tampering, and potential command execution leading to device compromise.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent external exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and involves simple HTTP request manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiWeb 6.2.4 and 6.3.8 or later

Vendor Advisory: https://www.fortiguard.com/psirt/FG-IR-20-124

Restart Required: Yes

Instructions:

1. Download the appropriate firmware update from Fortinet support portal. 2. Backup current configuration. 3. Apply firmware update via web interface or CLI. 4. Reboot device after update completes.

🔧 Temporary Workarounds

Restrict Management Interface Access

all

Limit access to FortiWeb management interface to trusted IP addresses only

config system interface
edit <interface_name>
set allowaccess https
set trust-ip-1 <trusted_ip>
end

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the FortiWeb management interface
  • Deploy a web application firewall in front of FortiWeb to filter malicious SQL injection attempts

🔍 How to Verify

Check if Vulnerable:

Check FortiWeb firmware version via web interface (System > Dashboard) or CLI command 'get system status'

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify firmware version is 6.2.4 or later for 6.2.x branch, or 6.3.8 or later for 6.3.x branch

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in logs
  • Multiple failed login attempts with crafted Authorization headers
  • Unexpected configuration changes

Network Indicators:

  • HTTP requests with SQL statements in Authorization headers
  • Unusual outbound connections from FortiWeb device

SIEM Query:

source="fortiweb" AND (Authorization:*SELECT* OR Authorization:*UNION* OR Authorization:*INSERT* OR Authorization:*UPDATE* OR Authorization:*DELETE*)

📊 Metadata

CVE ID: CVE-2020-29015
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-89
Published: January 14, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-29015, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)