A vulnerability has been discovered in FortiOS, FortiProxy and FortiSwitchManager, which could allow for authentication bypass on administrative interface. FortiOS is the Fortinet’s proprietary Operation System which is utilized across multiple product lines. operation systemsFortiProxy is a secure web proxy that protects employees against internet-borne attacks by incorporating multiple detection techniques. FortiSwitch Manager is an on-premise management platform for the FortiSwitch product. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Link to full report: IR-22-288-002_Fortinet.pdf
Comments