An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.
oryginał ENCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:NFortinet FortiOS
OSFortinet7.0.0 – 7.0.157.2.0 – 7.2.87.4.0 – 7.4.3Fortinet Fortiproxy
APPFortinet7.0.0 – 7.4.3
Powiązane podatności
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML
Authentication Bypass w FortiOS i FortiProxy — przejęcie uprawnień super-admin
Krytyczna podatność format string RCE w Fortinet FortiOS, FortiProxy i FortiSwitchManager
Out-of-bounds write w Fortinet FortiOS i FortiProxy — RCE bez uwierzytelnienia