![]() ![]() ![]() ![]() As a result, you can call any REST API without authentication, which is pretty bad considering this is a security appliance. An authentication bypass using an alternate path or channel in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.Ī vulnerability lets you send requests to the backend API service that appear to be coming from a trusted frontend application. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |