Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Williamhawk
New Contributor

Vulnerabilities in FortiOS with high attack risk

The FortiOS FortiGate security solutions operating system is vulnerable. The manufacturer Fortinet closes the security holes in two new versions. The emergency team of BSI CERT Bund classifies the risk as "high". The DoS vulnerability should be exploitable only by authenticated attackers. To do this, they have to send their payload to the params parameter of the JSON web API of the web user interface (web GUI). Of these, versions 5.4.0 through 5.4.5 are threatened. FortiOS 5.4.6 solves the problem according to Fortinet. The second gap also gapes in the web user interface. This is an XSS vulnerability in the redir parameter of the login disclaimer. Attackers should be able to attack FortiOS remotely without authentication. According to Fortinet, only FortiOS 5.4.0 up to and including 5.4.5 and 5.6.0 are affected. The problem should solve the issues 5.4.6 and 5.6.1. ( of ) For more you can check advertising examples
0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors