An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 up to and including 7.0.7, 6.4.0 up to and including 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 up to and including 7.0.5, 2.0.0 up to and including 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated malicious user to log in to the device by sending a specially crafted Access-Challenge response from the RADIUS server.
Vulnerable Product |
---|
fortinet fortiproxy |
fortinet fortios 7.2.0 |
fortinet fortios |
fortinet fortios 7.2.1 |