Summary
New vulnerabilities have been discovered in some Fortinet products, one of which is rated “critical.” This vulnerability, if exploited, could allow a remote attacker with knowledge of an existing administrative account to access the target system as an administrator, bypassing authentication.
Risk
Estimate of the impact of the vulnerability on the reference community: High (65.38)
Type
- Authentication Bypass
Affected products and versions
FortiSwitchManager
- Version 7.2.5
FortiOS
- Version 7.6.0
- 7.4.x, versions from 7.4.4 to 7.4.6
FortiProxy
- 7.6.x, versions prior to 7.6.2
NB: The vulnerability only affects configurations that have ASCII authentication enabled.
Mitigation Actions
In line with the vendor's statements, update vulnerable products as directed in the security bulletin listed in the References section.
Below are the CVEs related to vulnerabilities with a severity of “critical”:
References