Fortinet addresses Authentication Bypass in addition to numerous flaws

Threat Level – Amber | Vulnerability Report
Download PDF

Fortinet addressed security flaws across its products, including a high-severity authentication bypass affecting FortiOS and FortiProxy tracking CVE-2022-35843 in FortiOS’s SSH login component. Only when Radius authentication is utilized can the bug be triggered. A remote attacker can circumvent authentication and get access to the device by delivering a specially designed Access-Challenge response from the Radius server. Other weaknesses allow an authenticated attacker to retrieve files and execute arbitrary code via crafted HTTP requests.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox