SB2021060122 - Improper authorization in Fortinet FortiProxy
Published: June 1, 2021
Security Bulletin ID: SB2021060122
Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Authorization (CVE-ID: CVE-2018-13382)
The vulnerability allows a remote attacker to bypass authorization.
The vulnerability exists due to an unspecified error within the SSL VPN web portal when processing HTTP requests. A remote non-authenticated attacker can send a specially crafted HTTP request to the SSL VPN web portal and change the password for an arbitrary account.
Successful exploitation of the vulnerability may allow an attacker to log in to the SSL VPN web portal with a new password and gain unauthorized access to network resources.
Remediation
Install the update from the vendor's website.