An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet FortiOS
OSFortinet7.0.0 – 7.4.9 (bez)7.6.0 – 7.6.3 (bez)Fortinet Fortiproxy
APPFortinet7.0.0 – 7.4.9 (bez)7.6.0 – 7.6.2 (bez)
Related vulnerabilities
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML
Authentication Bypass w FortiOS i FortiProxy — przejęcie uprawnień super-admin
Krytyczna podatność format string RCE w Fortinet FortiOS, FortiProxy i FortiSwitchManager
Out-of-bounds write w Fortinet FortiOS i FortiProxy — RCE bez uwierzytelnienia