Wednesday 18 August 2021
The impact of this issue is critical. Please take the actions stated below to address it.
What you need to know:
Fortinet has received the disclosure of a zero-day command injection vulnerability in its web application firewall but has not yet released a patch. A fix is expected at the end of August with the release of FortiWeb 6.4.1.
Affected: Fortinet FortiWeb versions 6.3.11 and earlier.
Actions to be taken:
While waiting for the release of 6.4.1, admins are advised to block access to the FortiWeb device’s management interface from the internet or from untrusted connections.