Fortinet FortiOS 5.0.x < 5.0.4 Empty Device Group Firewall Bypass
Medium Nessus Plugin ID 85737
SynopsisThe remote host is affected by a security bypass vulnerability.
DescriptionThe remote host is running a version of Fortinet FortiOS 5.0.x prior to 5.0.4. It is, therefore, affected by a security bypass vulnerability due to an unspecified flaw that that is triggered during the handling of empty device groups. An unauthenticated, remote attacker can exploit this to bypass the device-based firewall policies.
SolutionUpgrade to Fortinet FortiOS 5.0.4 or later.