REST API trusted host bypass
Summary
An improper access control vulnerability [CWE-284] in the FortiOS REST API component may allow an authenticated attacker to access a restricted resource from a non trusted host.
Version | Affected | Solution |
---|---|---|
FortiOS 7.4 | Not affected | Not Applicable |
FortiOS 7.2 | 7.2.0 through 7.2.4 | Upgrade to 7.2.5 or above |
Acknowledgement
Internally discovered and reported by Justin Lum from FortiOS development team.Timeline
2023-10-10: Initial publication