Fortinet FortiOS (Mac OS X) 5.4.1 < 5.4.11 / 5.6.x < 5.6.9 / 6.0.x < 6.0.5 SSL VPN Security Bypass (FG-IR-18-389)
Medium Nessus Plugin ID 125894
Synopsis
The remote Mac OS X host is affected by a security bypass vulnerability.
Description
The remote Mac OS X host is running a version of FortiOS 5.4.1 prior to 5.4.11, 5.6.x prior to 5.6.9, or 6.0.x prior to 6.0.5. It is, therefore, affected by a security bypass vulnerability in the SSL VPN web portal, caused by an error in the handling of HTTP requests. A remote, unauthenticated attacker can exploit this by sending a specially crafted HTTP request to change the password of an arbitrary SSL VPN web portal user.
Solution
Upgrade to Fortinet FortiOS version 5.4.11, 5.6.9, 6.0.5, 6.2.0 or later. Alternatively, apply one of the workarounds outlined in the linked advisory.