A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fortios | Fortinet | 7.0.0 (including) | 7.0.11 (excluding) |
Fortios | Fortinet | 7.2.0 (including) | 7.2.4 (excluding) |