Nixpkgs security tracker
9.4 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
An Authentication Bypass Using an Alternate Path or Channel vulnerability …
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
References
Affected products
- =<7.4.10
- =<7.6.5
- =<7.0.18
- =<7.2.12
- =<8.0.3
- =<7.6.6
- =<7.4.11
- =<7.0.22
- =<7.2.15
- =<7.6.4
- =<7.4.12
- =<7.2.11
- =<7.6.5
- =<7.4.9
- =<7.0.15
- =<7.2.11
- =<7.6.5
- =<7.4.9
- =<7.0.15
Matching in nixpkgs
pkgs.terraform-providers.fortios
None
pkgs.python312Packages.fortiosapi
Python module to work with Fortigate/Fortios devices
Package maintainers
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>