Fortinet: Vulnerability issues
1 Unauthenticated SSL VPN user password modification
Summary
An Improper Authorization vulnerability in the SSL VPN web portal may allow an unauthenticated attacker to change the password of an SSL VPN web portal user via specially crafted HTTP requests.
Solutions
Upgrade to FortiOS 5.4.11, 5.6.9, 6.0.5, 6.2.0 or above.
Workaround
The only workaround is to migrate SSL VPN user authentication from local to remote (LDAP or RADIUS), or totally disable the SSL-VPN service (both web-mode and tunnel-mode) by applying the following CLI commands:
config vpn ssl settings
unset source-interface
end
2 System file leak through SSL VPN via specially crafted HTTP resource requests
Summary
A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
Solutions
Upgrade to FortiOS 5.6.8, 6.0.5 or 6.2.0.
Workarounds
As a temporary solution, the only workaround is to totally disable the SSL-VPN service (both web-mode and tunnel-mode) by applying the following CLI commands:
config vpn ssl settings
unset source-interface
end
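The upgrade guidance for both issues above reduces to a per-branch minimum version, which is easiest to check with a small script during an inventory review. The following is an added Python example, not a Fortinet tool; the two issue names are arbitrary labels, and reading "or above" as any later patch in the same branch or any later branch is an assumption.

```python
"""Check a FortiOS build against the fixed versions quoted on this page.

Added example, not Fortinet tooling. The per-branch fixed versions are the
ones quoted in the two advisories above; treating "or above" as any later
patch in the same branch, or any later branch, is an assumption.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]
Branch = Tuple[int, int]

# Minimum fixed patch level per release branch, taken from the advisory text.
# Issue labels are arbitrary names chosen for this example.
FIXED_VERSIONS: Dict[str, Dict[Branch, int]] = {
    "ssl-vpn-password-modification": {(5, 4): 11, (5, 6): 9, (6, 0): 5, (6, 2): 0},
    "ssl-vpn-path-traversal": {(5, 6): 8, (6, 0): 5, (6, 2): 0},
}


def parse_version(text: str) -> Version:
    """Parse '6.0.4', 'v6.0.4' or 'FortiOS v6.0.4' into (6, 0, 4)."""
    token = text.strip().split()[-1].lstrip("vV")
    parts = [int(p) for p in token.split(".")]
    if len(parts) != 3:
        raise ValueError(f"expected major.minor.patch, got {text!r}")
    return parts[0], parts[1], parts[2]


def is_fixed(issue: str, version: str) -> Optional[bool]:
    """True if the build carries the fix, False if it is still exposed,
    None if the advisory does not mention this release branch at all
    (e.g. an older branch), in which case the vendor must be consulted."""
    major, minor, patch = parse_version(version)
    branches = FIXED_VERSIONS[issue]
    branch: Branch = (major, minor)
    if branch in branches:
        return patch >= branches[branch]
    # Assumption: "or above" also covers every branch newer than the newest listed.
    if branch > max(branches):
        return True
    return None


def vulnerable_issues(version: str) -> List[str]:
    """Issues on this page that the given build is definitely still exposed to."""
    return [issue for issue in FIXED_VERSIONS if is_fixed(issue, version) is False]
```

A build that returns None for an issue is not cleared; it only means this page's version list does not cover its branch.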