An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.
The vulnerability results from improper access control (CWE-284) in the RADIUS authentication handling mechanism. When the remote_wildcard option is enabled in the configuration, the application does not properly verify user identity. An attacker can send a crafted HTTP request that allows bypassing the login procedure without providing valid authentication credentials.
An attacker gains unauthorized access to the FortiMail administrative panel, which potentially results in complete takeover of the mail system, including data access, ability to modify configuration, and privilege escalation.
Apply patches available from the vendor according to references (https://fortiguard.com/psirt/FG-IR-23-439). Until updating, it is recommended to disable the remote_wildcard option or temporarily replace RADIUS with another authentication method, if possible in the given environment.
FortiMail version 7.4.0, configured with RADIUS authentication and remote_wildcard option enabled
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortimail
APPFortinet7.4.0
Related vulnerabilities
Stack-based buffer overflow RCE w produktach Fortinet (FortiMail, FortiVoice i inne)
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently ...
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4...
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntrepris...
An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89...