#VU18607 Improper Authorization in FortiOS
Vulnerability identifier: #VU18607
Vulnerability risk: High
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-285
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
FortiOS
Operating systems & Components /
Operating system
Vendor: Fortinet, Inc
Description
The vulnerability allows a remote attacker to bypass authorization.
The vulnerability exists due to unspecified error within the SSL VPN web portal when processing HTTP requests. A remote non-authenticated attacker can send a specially crafted HTTP request to the SSL VPN web portal and change password for arbitrary account.
Successful exploitation of the vulnerability may allow an attacker to login to the SSL VPN web portal with a new password and gain unauthorized access to network resources.
Mitigation
Install updates from vendor's website.
As a workaround, the vendor recommends disabling the SSL-VPN web portal service:
config vpn ssl settings
unset source-interface
end
Vulnerable software versions
FortiOS: 6.0.0 - 6.0.4, 5.6.0 - 5.6.8, 5.4.0 - 5.4.10
External links
http://fortiguard.com/psirt/FG-IR-18-389
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
