Fortinet FortiOS 5.4.1 < 5.4.11 / 5.6.x < 5.6.9 / 6.0.x < 6.0.5 SSL VPN Security Bypass (FG-IR-18-389)
Medium Nessus Plugin ID 125888
Synopsis
The remote host is affected by a security bypass vulnerability.

Description
The remote host is running a version of FortiOS 5.4.1 prior to 5.4.11, 5.6.x prior to 5.6.9, or 6.0.x prior to 6.0.5. It is, therefore, affected by a security bypass vulnerability in the SSL VPN web portal, due to an error when processing HTTP requests. A remote, unauthenticated attacker can exploit this, by sending a specially crafted HTTP request, to change the password of an arbitrary SSL VPN web portal user.

Solution
Upgrade to Fortinet FortiOS version 5.4.11, 5.6.9, 6.0.5, 6.2.0 or later. Alternatively, apply one of the workarounds outlined in the linked advisory (FG-IR-18-389).
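The affected and fixed ranges stated in the description and solution above translate into a straightforward version comparison. The following is an added example for triaging FortiOS version strings against those ranges; it is not Tenable's plugin code or Fortinet's. The banner shape `v6.0.4,build0231` that `parse_version` accepts is an assumption about how the version may be reported; a plain `6.0.4` works too. Note the boundaries: the 5.4 branch is affected only from 5.4.1 (5.4.0 is outside the stated range), and each branch's first fixed release is excluded.

```python
"""Version-range triage for FG-IR-18-389 (FortiOS SSL VPN security bypass).

Added example, not the Nessus plugin's or Fortinet's own code. The ranges
come from the advisory text above:
    5.4.1 <= v < 5.4.11
    5.6.0 <= v < 5.6.9
    6.0.0 <= v < 6.0.5
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) per affected branch, taken from the page text.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((5, 4, 1), (5, 4, 11)),
    ((5, 6, 0), (5, 6, 9)),
    ((6, 0, 0), (6, 0, 5)),
]

# Assumed banner shape: optional leading 'v', major.minor[.patch],
# optionally followed by ',build...' or other trailing text, e.g. 'v6.0.4,build0231'.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) or None if the string is not a version.

    A missing patch component is treated as 0, so '5.6' parses as (5, 6, 0).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3)
    return (int(major), int(minor), int(patch) if patch is not None else 0)


def _matching_range(v: Version) -> Optional[Tuple[Version, Version]]:
    """Return the affected (first_affected, first_fixed) pair containing v, if any."""
    for lo, hi in AFFECTED_RANGES:
        # Half-open interval: the first fixed release itself is not affected.
        if lo <= v < hi:
            return (lo, hi)
    return None


def is_affected(text: str) -> bool:
    """True if the given FortiOS version falls in an affected range from the advisory."""
    v = parse_version(text)
    if v is None:
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    return _matching_range(v) is not None


def fixed_version_for(text: str) -> Optional[str]:
    """Minimum fixed release on the same branch, or None when the version is not affected."""
    v = parse_version(text)
    if v is None:
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    rng = _matching_range(v)
    if rng is None:
        return None
    return ".".join(str(x) for x in rng[1])


if __name__ == "__main__":
    # Constructed sample inputs covering both boundaries of each branch.
    for sample in ["5.4.0", "5.4.1", "5.4.10", "5.4.11",
                   "5.6.8", "5.6.9", "v6.0.4,build0231", "6.0.5", "6.2.0"]:
        status = "AFFECTED -> upgrade to " + str(fixed_version_for(sample)) \
            if is_affected(sample) else "not affected"
        print(f"{sample:20s} {status}")
```

The half-open comparison (`lo <= v < hi`) is the part worth getting right: off-by-one errors here either flag a patched 6.0.5 box as vulnerable or, worse, pass a 5.4.10 box as fixed. A scanner match on version alone is also only a necessary condition; Fortinet's advisory lists workarounds, so a host in range may already be mitigated even though its version string says otherwise.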