A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fortios | Fortinet | 7.0.0 (including) | 7.0.11 (excluding) |
Fortios | Fortinet | 7.2.0 (including) | 7.2.4 (excluding) |