CVE-2020-29017: FortiDeceptor RCE (Confused Deputy)

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.

1.1        Vulnerability Summary

An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.

Watch the video to learn more about this and other important vulnerabilities.

1.2        CVSS Score

The CVSS Base score of this vulnerability is not currently available.

1.3        Affected Version

FortiDeceptor 3.1.0, 3.0.1, 3.0.0 

1.4        Vulnerability Attribution

This vulnerability is disclosed by Chua Wei Kiat.

1.5        Risk Impact

According to Verizon’s 2020 Data Breach Investigation Report Verizon’s 2020 Data Breach Investigation Report, two-thirds of breaches found were from external actors while the remaining one-third involved internal actors.

FortiDeceptor, a Fabric-enabled deception approach allows organizations to rapidly create a fabricated deception network through intelligent provision and automatic deployment of decoys and lures that seamlessly integrate with an existing IT/OT infrastructure to lure attackers into revealing themselves.

FortiDeceptor product is supposed to protect Enterprise organization from breaches, and, exploiting this vulnerability can provide the attacker the leverage to install backdoors on the compromised system. This in turn could compromise whole breach detection process and can cause catastrophic damages to the integrity of the company.

There are no publicly available exploits.

1.6        Virsec Security Platform (VSP) Support:

VSP-Host monitors processes that are spawned which are not part of a set of whitelisted process. Any attempt to execute new command or unknown binary would be denied by VSP-Host’s Process Monitoring capability.

VSP-Web has capability that can detect all types of OS command injection attack and prevent this attack from being exploited.

1.7        Reference Links:

• NVD - CVE-2020-29017 (nist.gov)
• FortiDeceptor is impacted by an OS command injection vulnerability | FortiGuard

Download the full vulnerability report to learn more about this and other important vulnerabilities.

Do you have a request for a vulnerability Virsec Security Research Lab to explore? Let us know!