FortiOS & FortiProxy - Improper authorization for HA requests

Jan. 9, 2024, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper privilege management vulnerability [CWE-269] in a FortiOS & FortiProxy HA cluster may allow an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.

actions amp attacker authorization cluster cwe fortios fortiproxy http https management may privilege requests vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 3 weeks, 6 days ago | fortiguard.fortinet.com

actor attacker cwe device +17

FortiSandbox - Arbitrary file read on endpoint 3 weeks, 6 days ago | fortiguard.fortinet.com

arbitrary files attacker cwe directory +12

FortiNAC-F - Lack of certificate validation 3 weeks, 6 days ago | fortiguard.fortinet.com

attack attacker certificate channel +12

FortiOS - Format String in CLI command 3 weeks, 6 days ago | fortiguard.fortinet.com

access admin arbitrary code attacker +16

FortiOS & FortiProxy - administrator cookie leakage 3 weeks, 6 days ago | fortiguard.fortinet.com

administrator attacker conditions cookie +10

FortiSandbox - Arbitrary file delete on endpoint 3 weeks, 6 days ago | fortiguard.fortinet.com

arbitrary files attacker cwe delete +13

FortiClientMac - Lack of configuration file validation 3 weeks, 6 days ago | fortiguard.fortinet.com

arbitrary code attacker code configuration +15

FortiManager - Code Injection via Jinja Template 3 weeks, 6 days ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +11

FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 3 weeks, 6 days ago | fortiguard.fortinet.com

access admin arbitrary code arbitrary code execution +16

Principal - Cyber Risk and Assurance - Infra/Network

@ GSK | Bengaluru Luxor North Tower

View on infosec-jobs.com

Staff Security Engineer

@ Airwallex | AU - Melbourne

View on infosec-jobs.com

Chief Information Security Officer

@ Australian Payments Plus | Sydney, New South Wales, Australia

View on infosec-jobs.com

TW Test Automation Engineer (Access Control & Intrusion Systems)

@ Bosch Group | Taipei, Taiwan

View on infosec-jobs.com

Consultant infrastructure sécurité H/F

@ Hifield | Sèvres, France

View on infosec-jobs.com

SOC Analyst

@ Wix | Tel Aviv, Israel

View on infosec-jobs.com

View more jobs

all InfoSec news

FortiOS & FortiProxy - Improper authorization for HA requests

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

Principal - Cyber Risk and Assurance - Infra/Network

Staff Security Engineer

Chief Information Security Officer

TW Test Automation Engineer (Access Control & Intrusion Systems)

Consultant infrastructure sécurité H/F

SOC Analyst