Alert Logic is researching an authentication bypass using an alternate path or channel vulnerability in FortiOS, FortiProxy, and FortiSwitchManager. This may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Who is affected?
Alert Logic is actively researching an Admin Interface Authentication Bypass affecting Fortinet customers running one of the following:
- FortiOS version 7.2.0 through 7.2.1
- FortiOS version 7.0.0 through 7.0.6
- FortiProxy version 7.2.0
- FortiProxy version 7.0.0 through 7.0.6
- FortiSwitchManager version 7.2.0
- FortiSwitchManager version 7.0.0
The vulnerability may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. Exploitation requires the attacker to have network access to the admin interface of the affected products.
What can I do?
Alert Logic recommends upgrading to one of the following versions:
- FortiOS version 7.2.2 or above
- FortiOS version 7.0.7
- FortiProxy version 7.2.1 or above
- FortiProxy version 7.0.7
- FortiSwitchManager version 7.2.1 or above
If an upgrade window is not immediately available, Fortinet has a published workaround for this vulnerability.
Note: Alert Logic has not tested this workaround.
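As an added example (not code from Alert Logic or Fortinet), the following script turns the affected-version and fixed-version lists above into an inventory check that flags which devices need an upgrade and which fall in a branch for which this article lists no fixed release. The product names and version ranges are transcribed from this article; the sample inventory records are constructed.

```python
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges transcribed from the advisory (inclusive bounds).
AFFECTED = {
    "FortiOS": [((7, 2, 0), (7, 2, 1)), ((7, 0, 0), (7, 0, 6))],
    "FortiProxy": [((7, 2, 0), (7, 2, 0)), ((7, 0, 0), (7, 0, 6))],
    "FortiSwitchManager": [((7, 2, 0), (7, 2, 0)), ((7, 0, 0), (7, 0, 0))],
}
# Fixed release per branch, as listed in the advisory. It lists no fixed
# release for FortiSwitchManager 7.0, so that branch is deliberately absent.
FIXED = {
    "FortiOS": {(7, 2): (7, 2, 2), (7, 0): (7, 0, 7)},
    "FortiProxy": {(7, 2): (7, 2, 1), (7, 0): (7, 0, 7)},
    "FortiSwitchManager": {(7, 2): (7, 2, 1)},
}
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:\D.*)?$")

def parse_version(text: str) -> Optional[Version]:
    """Parse 'v7.0.6' or '7.2.1 build1234' into (7, 0, 6); None if malformed."""
    m = _VERSION_RE.match(text.strip())
    return (int(m[1]), int(m[2]), int(m[3])) if m else None

def is_affected(product: str, version: Version) -> bool:
    """True when the version falls inside one of the advisory's affected ranges."""
    return any(lo <= version <= hi for lo, hi in AFFECTED.get(product, []))

def remediation(product: str, version_text: str) -> str:
    """Return the advisory's guidance for a single device."""
    version = parse_version(version_text)
    if version is None:
        return f"unparseable version {version_text!r}: verify manually"
    if not is_affected(product, version):
        return "not in an affected range"
    fixed = FIXED.get(product, {}).get(version[:2])
    if fixed is None:
        return "affected; no fixed release listed, apply Fortinet's workaround"
    return "affected; upgrade to %d.%d.%d" % fixed

def assess(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Map (host, product, version) records to (host, guidance) for a patch queue."""
    return [(host, remediation(prod, ver)) for host, prod, ver in inventory]

# Constructed sample inventory, not real devices.
SAMPLE = [("fw-edge-01", "FortiOS", "v7.2.1"), ("fw-edge-02", "FortiOS", "7.0.7 build0367"),
          ("proxy-01", "FortiProxy", "7.0.6"), ("fsm-01", "FortiSwitchManager", "7.0.0")]
```

Feed `assess()` the product and version strings exported from your device inventory; anything reported as "verify manually" or "no fixed release listed" needs a human decision rather than an automatic upgrade ticket.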
How is Alert Logic helping me?
Alert Logic is actively researching this threat to build detection capabilities. Alert Logic appliances and infrastructure are not affected by this vulnerability.
Log Management: Alert Logic has deployed initial telemetry analytics to aid in detection research.
Vulnerability Scanning: the Alert Logic Vulnerability Scanning team is currently researching the best way to detect this vulnerability.
Web Application Firewall: Alert Logic has released virtual patches that have been pushed to customer WAFs.
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available. To follow updates for this vulnerability, click FOLLOW at the top of this article. You must be signed into the Support Center using your Alert Logic product credentials to follow this article.