Remote Exploit Vulnerability in Bash - (Shellshock)
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
Advisory ID: FG-IR-14-030
Status: Final
Version: 1
Published: 2014-09-25
Current version: 2014-09-25
Summary:
A vulnerability has been discovered in GNU Bourne Again Shell (Bash) versions 1.14.0 through 4.3. It may allow an attacker to remotely execute arbitrary code by placing specially crafted content in an environment variable string. Under certain circumstances, exploitation of this vulnerability can result in unwanted code executing on the vulnerable system.

Update: Mon Sep 29 - This advisory has been updated to include the Bash exploits reported in CVE-2014-6277 and CVE-2014-6273. The updates of affected products will address all four CVEs reported. Additional updates will follow.

Update June 1st 2021: The list of impacted products has been updated to include FortiWLC.
Impact: Execute unauthorized code or commands
Affected Products:
FortiAnalyzer version 4.x, 5.0.0 through 5.0.7 and 5.2.0
FortiManager version 4.x, 5.0.0 through 5.0.7 and 5.2.0
FortiAuthenticator version 1.x, 2.x, 3.0.x and 3.1.0 through 3.1.1
Authentication is required to exploit the above 3 products.
FortiDB versions 5.0.x, 4.x, 5.1.1 and below
Only 32-bit FortiWLC Wireless Controllers are impacted.
FortiWLC versions 8.x, 8.5.0 through 8.5.3 and 8.6.0
Solutions:
FortiAnalyzer: please upgrade to FortiAnalyzer version 5.2.1 or above, or to FortiAnalyzer version 5.0.8 or above.
FortiAuthenticator: please upgrade to FortiAuthenticator version 3.1.2 or above.
FortiDB: please upgrade to FortiDB version 5.1.5 or above.
FortiManager: please upgrade to FortiManager version 5.2.1 or above, or to FortiManager version 5.0.8 or above.
FortiWLC: please upgrade to FortiWLC version 8.5.4 or above, or to FortiWLC version 8.6.1 or above.

Workarounds:
FortiGate customers may apply the IPS signature "Bash.Function.Definitions.Remote.Code.Execution" to protect systems accessible through a FortiGate. This IPS signature is available in the 5.552 IPS update, which will be deployed via FDS on the afternoon of September 25th.

FortiGuard Labs has created an AV signature for this vulnerability and deployed it using the Hot Update functionality. All FortiGate customers are advised to ensure they are using AV DB 22.863 or later to help protect systems.

The FortiGuard Web Security Service for the FortiWeb web application firewall was updated overnight to address the Shellshock vulnerability. Updated package 0.00116 includes signature 090420001, which prevents attackers from executing arbitrary commands over HTTP via specially crafted Bash environment variables (CVE-2014-6271, CVE-2014-7169). FortiWeb applies signature 090420001 to URLs, arguments, headers and cookies. The signature is part of the Known Exploits directory and is enabled by default.

Please be sure to back up your affected systems prior to update and read the respective release notes when performing any software upgrade. Firmware release dates for impacted products are pending and this advisory will be updated when available.
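The workaround above relies on a WAF/IPS signature that looks for a Bash function definition in every part of an HTTP request (URL, query arguments, headers and cookies). The following added example, written for this page and not Fortinet's or FortiWeb's code, shows the shape of such a check: it percent-decodes each field, looks for the "() {" function-definition prefix that every Shellshock payload begins with, and reports which field carried it. The request representation (a request-target string plus a header dict) and the sample traffic are constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Shellshock payloads begin with a Bash function definition, "() {", and put
# the injected commands after the closing brace. Matching the prefix (with
# optional whitespace) flags the whole family without enumerating commands.
FUNC_DEF_RE = re.compile(r"\(\s*\)\s*\{")


def scan_request(target, headers):
    """Report every request field that carries a Bash function-definition prefix.

    target  - request-target as it appears on the request line (path + query)
    headers - dict of header name -> value (hypothetical, already-parsed shape
              chosen for this example)
    Returns a list of (location, name, value) triples in inspection order:
    URL path, query arguments, then headers in the order given, with the
    Cookie header expanded into its individual cookies.
    """
    hits = []
    parts = urlsplit(target)
    # Percent-decode before matching so "%28%29%7B" does not slip past.
    path = unquote(parts.path)
    if FUNC_DEF_RE.search(path):
        hits.append(("url", "path", path))
    # parse_qsl decodes %xx escapes and '+' for us.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if FUNC_DEF_RE.search(name) or FUNC_DEF_RE.search(value):
            hits.append(("arg", name, value))
    for name, value in headers.items():
        if name.lower() == "cookie":
            # Splitting on ';' also cuts through a payload, but the "() {"
            # prefix survives in the first fragment, which is all we need.
            for piece in value.split(";"):
                cname, _, cval = piece.strip().partition("=")
                if FUNC_DEF_RE.search(cname) or FUNC_DEF_RE.search(cval):
                    hits.append(("cookie", cname, cval))
        elif FUNC_DEF_RE.search(value):
            hits.append(("header", name, value))
    return hits


# Constructed sample traffic (not captured from any real system).
SAMPLE_REQUESTS = [
    ("/index.html", {"Host": "www.example.test", "User-Agent": "Mozilla/5.0"}),
    ("/cgi-bin/status", {"Host": "www.example.test",
                         "User-Agent": "() { :; }; echo probe"}),
    ("/search?q=%28%29+%7B+%3A%3B+%7D%3B+echo+probe", {"Host": "www.example.test"}),
    ("/", {"Host": "www.example.test",
           "Cookie": "session=abc123; lang=() { :; }; echo probe"}),
]


def summarize(requests=SAMPLE_REQUESTS):
    """Return how many of the given requests the check would block."""
    blocked = 0
    for target, headers in requests:
        hits = scan_request(target, headers)
        if hits:
            blocked += 1
            for location, name, value in hits:
                print(f"BLOCK {target}: {location} {name!r} = {value!r}")
    return blocked


if __name__ == "__main__":
    print(f"{summarize()} of {len(SAMPLE_REQUESTS)} requests flagged")
```

Decoding before matching is the part that matters in practice: a signature that inspects the raw request line would miss the URL-encoded query argument in the third sample, which the CGI server decodes into exactly the string that Bash parses as a function definition. A production rule would also need to handle double-encoding and non-standard header folding, which this example deliberately leaves out.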
Advisory URL: https://fortiguard.fortinet.com/psirt/FG-IR-14-030
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
https://www.us-cert.gov/ncas/alerts/TA14-268A
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Affected versions:
FortiAnalyzer 5.2.0
FortiAnalyzer 5.0.7
FortiAnalyzer 5.0.6
FortiAnalyzer 5.0.5
FortiAnalyzer 5.0.4
FortiAnalyzer 5.0.3
FortiAnalyzer 5.0.2
FortiAnalyzer 5.0.1
FortiAnalyzer 5.0.0
FortiAuthenticator 3.1.1
FortiAuthenticator 3.1.0
FortiAuthenticator 3.0.3
FortiAuthenticator 3.0.0
FortiAuthenticator 2.2.0
FortiAuthenticator 2.1.0
FortiAuthenticator 1.3.1
FortiAuthenticator 1.3.0
FortiAuthenticator 1.2.1
FortiAuthenticator 1.2.0
FortiAuthenticator 1.1.0
FortiAuthenticator 1.0.0
FortiDB 5.1.1
FortiDB 5.1.0
FortiDB 5.0.0
FortiDB 4.4.3
FortiDB 4.4.2
FortiDB 4.4.1
FortiDB 4.4.0
FortiDB 4.3.2
FortiDB 4.0.1
FortiDB 4.0.0
FortiDB 3.2.7
FortiDB 3.2.6
FortiDB 3.2.5
FortiDB 3.2.4
FortiDB 3.2.3
FortiDB 3.2.1
FortiDB 0.4.10
FortiManager 5.2.0
FortiManager 5.0.7
FortiManager 5.0.6
FortiManager 5.0.5
FortiManager 5.0.4
FortiManager 5.0.3
FortiManager 5.0.2
FortiManager 5.0.1
FortiManager 5.0.0
FortiManager 4.3.8
FortiManager 4.3.7
FortiManager 4.3.6
FortiManager 4.3.5
FortiManager 4.3.4
FortiManager 4.3.3
FortiManager 4.3.2
FortiManager 4.3.1
FortiManager 4.3.0
FortiManager 4.2.9
FortiManager 4.2.8
FortiManager 4.2.7
FortiManager 4.2.6
FortiManager 4.2.5
FortiManager 4.2.4
FortiManager 4.2.2
FortiManager 4.2.1
FortiManager 4.2.0
FortiManager 4.1.4
FortiManager 4.1.3
FortiManager 4.1.2
FortiManager 4.1.1
FortiManager 4.0.3
FortiManager 4.0.2
FortiManager 4.0.1
FortiManager 4.0.0
FortiWLC 8.6.0
FortiWLC 8.5.3
FortiWLC 8.5.2
FortiWLC 8.5.1
FortiWLC 8.5.0
FortiWLC 8.4.8
FortiWLC 8.4.7
FortiWLC 8.4.6
FortiWLC 8.4.5
FortiWLC 8.4.4
FortiWLC 8.4.2
FortiWLC 8.4.1
FortiWLC 8.4.0
FortiWLC 8.3.3
FortiWLC 8.3.2
FortiWLC 8.3.1
FortiWLC 8.3.0
FortiWLC 8.2.7
FortiWLC 8.2.6
FortiWLC 8.2.5
FortiWLC 8.2.4
FortiWLC 8.1.3
FortiWLC 8.1.2
FortiWLC 8.0.6
FortiWLC 8.0.5
CVE IDs:
CVE-2014-6271
CVE-2014-6277
CVE-2014-6278
CVE-2014-7169
CVSSv3 score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C