Description
Fortinet products FortiOS, FortiProxy, FortiSwitchManager are vulnerable to an authentication bypass vulnerability that allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
The flaw affects the following versions:
Remediation
Please upgrade to FortiOS version 7.2.2 or above
Please upgrade to FortiOS version 7.0.7 or above
Please upgrade to FortiProxy version 7.2.1 or above
Please upgrade to FortiProxy version 7.0.7 or above
Please upgrade to FortiSwitchManager version 7.2.1 or above
References
Related Vulnerabilities
WordPress Plugin YITH Pre-Order for WooCommerce Security Bypass (1.1.9)
WordPress Plugin Login No Captcha reCAPTCHA Security Bypass (1.6.11)
Authentication bypass via MongoDB operator injection
WordPress Plugin W3 Total Cache PHP Code Injection (0.9.2.8)
WordPress Plugin Easy Forms for Mailchimp PHP Code Injection (6.5.2)