Threat Encyclopedia



This indicates an attack attempt to exploit an Improper Authentication Vulnerability in FortiOS.
The vulnerability is due to an error in the vulnerable application when handling requests. An unauthenticated attacker can exploit this to modify the password of an SSL VPN user via a crafted request.

affected-products-logoAffected Products

FortiOS 6.0.0 to 6.0.4 with SSL VPN Service enabled
FortiOS 5.6.0 to 5.6.8 with SSL VPN Service enabled
FortiOS 5.4.1 to 5.4.10 with SSL VPN Service enabled


Security Bypass: Remote attackers can bypass security mechanism on vulnerable systems

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor. Or follow work around provided by the vendor.

CVE References


Other References