FortiGate - Policy-based NGFW SSL VPN mode doesn't filter accesses via Bookmarks

April 11, 2023, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.

bookmarks bypass cwe filter fortigate inputs list may mode ngfw policy portal ssl ssl vpn the web vpn vulnerability web

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 3 weeks, 3 days ago | fortiguard.fortinet.com

actor attacker cwe device +17

FortiSandbox - Arbitrary file read on endpoint 3 weeks, 3 days ago | fortiguard.fortinet.com

arbitrary files attacker cwe directory +12

FortiNAC-F - Lack of certificate validation 3 weeks, 3 days ago | fortiguard.fortinet.com

attack attacker certificate channel +12

FortiOS - Format String in CLI command 3 weeks, 3 days ago | fortiguard.fortinet.com

access admin arbitrary code attacker +16

FortiOS & FortiProxy - administrator cookie leakage 3 weeks, 3 days ago | fortiguard.fortinet.com

administrator attacker conditions cookie +10

FortiSandbox - Arbitrary file delete on endpoint 3 weeks, 3 days ago | fortiguard.fortinet.com

arbitrary files attacker cwe delete +13

FortiClientMac - Lack of configuration file validation 3 weeks, 3 days ago | fortiguard.fortinet.com

arbitrary code attacker code configuration +15

FortiManager - Code Injection via Jinja Template 3 weeks, 3 days ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +11

FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 3 weeks, 3 days ago | fortiguard.fortinet.com

access admin arbitrary code arbitrary code execution +16

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Data Privacy Manager m/f/d)

@ Coloplast | Hamburg, HH, DE

View on infosec-jobs.com

Cybersecurity Sr. Manager

@ Eastman | Kingsport, TN, US, 37660

View on infosec-jobs.com

KDN IAM Associate Consultant

@ KPMG India | Hyderabad, Telangana, India

View on infosec-jobs.com

Learning Experience Designer in Cybersecurity (f/m/div.) (Salary: ~113.000 EUR p.a.*)

@ Bosch Group | Stuttgart, Germany

View on infosec-jobs.com

Senior Security Engineer - SIEM

@ Samsara | Remote - US

View on infosec-jobs.com

View more jobs

all InfoSec news

FortiGate - Policy-based NGFW SSL VPN mode doesn't filter accesses via Bookmarks

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

Social Engineer For Reverse Engineering Exploit Study

Data Privacy Manager m/f/d)

Cybersecurity Sr. Manager

KDN IAM Associate Consultant

Learning Experience Designer in Cybersecurity (f/m/div.) (Salary: ~113.000 EUR p.a.*)

Senior Security Engineer - SIEM