Fortinet addresses Authentication Bypass in addition to numerous flaws
Fortinet addresses Authentication Bypass in addition to numerous flaws
Threat Level
Vulnerability Report
For a detailed threat advisory, download the pdf file here
Summary
Fortinet addressed security flaws across its products, including a high-severity authentication bypass affecting FortiOS and FortiProxy tracking CVE-2022-35843 in FortiOS’s SSH login component. Only when Radius authentication is utilized can the bug be triggered. A remote attacker can circumvent authentication and get access to the device by delivering a specially designed Access-Challenge response from the Radius server. Other weaknesses allow an authenticated attacker to retrieve files and execute arbitrary code via crafted HTTP requests.