Insufficient logging in FortiOS - CVE-2020-12818
Published: September 24, 2020
FortiOS
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to software may not log traffic from an unauthenticated attacker to Fortinet owned IP addresses. A remote attacker can abuse such behavior to stay unnoticed while performing malicious actions.
How to mitigate CVE-2020-12818
Upgrade to 6.4.1 or above, and add dynamic firewall address "FCTEMS_ALL_FORTICLOUD_SERVERS" which includes all FortiGuard servers in the policy to log the traffic for Fortinet IP addresses.