Manish_NCS
New Contributor

Improper authorization for HA requests

I want to know about the vulnerability below.

Summary

An improper privilege management vulnerability [CWE-269] in a FortiOS & FortiProxy HA cluster may allow an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.
How do I mitigate this?

Is this applicable to all FortiGate firewalls?

How can I check whether this is affecting my network or not?
https://www.fortiguard.com/psirt/FG-IR-23-315 

This is the link which I received from FortiGate.

AEK
SuperUser

This is a vulnerability on FOS 7.2.5, 7.4.0 and 7.4.1.

To fix it you just have to update your FOS to 7.2.6 or 7.4.2.

Manish_NCS
New Contributor

Which one is the best and most stable version, 7.2.6 or 7.4.2?

Because if I upgrade to 7.2.6, then after one month there would again be another one like 7.2.7, correct?
So, what about 7.4.2? That would be a major upgrade, right, from 7.2.5 to 7.4.2, so later it would cover all the versions that lie between 7.2.6 and 7.4.2, correct?

AEK

First, check the release notes of both 7.2.6 and 7.4.2.

  • If you see that you don't need the new features that are available in 7.4.x, then I think it is better to stay at 7.2.6. Once 7.2.7 is released, update your FW again.
  • In case you really need the new features that are available in 7.4.x, then go for 7.2.4.

Personally, I stay at 7.0.13 since it is more mature than the two above, and also because I don't need extra features at the moment.

hbac
Staff

Hi @Manish_NCS,

As AEK suggested, you just need to upgrade the firmware to 7.2.6 or 7.4.2. As a mitigation, you can disable all web administrative interfaces (HTTP or HTTPS) from the external network.

Regards,

Manish_NCS

How can I perform this task? Can you please let me know.
You can disable all web administrative interface (HTTP or HTTPS) from external network for mitigation. 

I mean to say, how do I disable HTTP or HTTPS from the external network?

hbac

@Manish_NCS

I mean you can disable HTTPS administrative access on your WAN interface. You can refer to https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/582009/system-administra...
Regards,
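The two practical questions in this thread are "how do I check whether my firewall is affected" and "how do I turn off web admin access on the WAN side". The script below is an added example written for this thread; it is not Fortinet code and not something either poster provided. It takes pasted CLI output from `get system status` and `show system interface` (the two samples embedded here are constructed, and real output will contain more lines), compares the firmware version against the affected list AEK quotes above (7.2.5, 7.4.0, 7.4.1, fixed in 7.2.6 / 7.4.2; treat the PSIRT advisory, not this list, as authoritative), and emits the `config system interface` commands that drop `http`/`https` from `allowaccess` on every interface whose role is `wan` while keeping the other services (ping, ssh, fgfm) that were already allowed.

```python
"""FG-IR-23-315 exposure check plus WAN web-admin hardening for FortiOS.

Added example, not Fortinet's code. Affected-version list is taken from
AEK's reply in this thread; the CLI samples are constructed.
"""
import re

# Versions AEK lists as affected; fixed in 7.2.6 / 7.4.2 (verify against the advisory).
AFFECTED_FORTIOS = {(7, 2, 5), (7, 4, 0), (7, 4, 1)}

# allowaccess services that expose the web administrative interface.
WEB_ADMIN = {"http", "https"}

# Constructed sample: first lines of `get system status` on a 7.2.5 box.
SAMPLE_STATUS = """\
Version: FortiGate-100F v7.2.5,build1517,230517 (GA.F)
Security Level: 1
Firmware Signature: certified
"""

# Constructed sample: `show system interface` with a WAN and a LAN interface.
SAMPLE_INTERFACES = """\
config system interface
    edit "wan1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping https ssh http fgfm
        set type physical
        set role wan
    next
    edit "internal"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh http fgfm fabric
        set type hard-switch
        set role lan
    next
end
"""


def parse_version(status_output):
    """Return (major, minor, patch) from the 'Version:' line of `get system status`."""
    m = re.search(r"\bv(\d+)\.(\d+)\.(\d+)", status_output)
    if not m:
        raise ValueError("no FortiOS version found in `get system status` output")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True when the firmware is one of the releases the thread lists as vulnerable."""
    return tuple(version) in AFFECTED_FORTIOS


def parse_interfaces(show_output):
    """Map interface name -> {'role': str, 'allowaccess': [services]}."""
    interfaces, current = {}, None
    for raw in show_output.splitlines():
        line = raw.strip()
        m = re.match(r'edit "([^"]+)"$', line)
        if m:
            current = m.group(1)
            interfaces[current] = {"role": "undefined", "allowaccess": []}
        elif current is None:
            continue
        elif line.startswith("set allowaccess "):
            interfaces[current]["allowaccess"] = line.split()[2:]
        elif line.startswith("set role "):
            interfaces[current]["role"] = line.split()[2]
        elif line == "next":
            current = None
    return interfaces


def exposed_wan_interfaces(interfaces):
    """WAN-role interfaces that still allow http/https administrative access."""
    return sorted(n for n, c in interfaces.items()
                  if c["role"] == "wan" and WEB_ADMIN & set(c["allowaccess"]))


def hardening_commands(interfaces):
    """FortiOS CLI that strips http/https from each exposed WAN interface, keeping the rest."""
    lines = ["config system interface"]
    for name in exposed_wan_interfaces(interfaces):
        kept = [s for s in interfaces[name]["allowaccess"] if s not in WEB_ADMIN]
        lines.append(f'    edit "{name}"')
        lines.append(f"        set allowaccess {' '.join(kept)}" if kept
                     else "        unset allowaccess")
        lines.append("    next")
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    ver = parse_version(SAMPLE_STATUS)
    print("FortiOS %d.%d.%d affected by FG-IR-23-315: %s" % (ver + (is_affected(ver),)))
    ifaces = parse_interfaces(SAMPLE_INTERFACES)
    print("WAN interfaces with web admin access:", exposed_wan_interfaces(ifaces))
    print(hardening_commands(ifaces))
```

Run it against your own output (replace the two samples with what your unit prints) and paste the generated block into the CLI. It only touches interfaces whose `role` is `wan`; if you manage the box over a LAN or management interface, that access is left alone, and if you also rely on trusted-host restrictions on admin accounts, those are independent of `allowaccess` and remain in place.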

AEK

As recommended by @hbac, I'd also suggest disabling admin access on WAN interfaces, even if you have patched all your vulnerabilities.

Yen
New Contributor

My FGVM is using versions 5.2 and 5.4.

Do I need to upgrade?

AEK

@Yen, your FG seems not to be affected by this vulnerability; however, you still need to upgrade, as 5.x has not been patched for a long time.
