An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiOS & FortiProxy administrative interface may allow an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions.
FortiProxy version 7.2.0 through 7.2.1 FortiProxy version 7.0.0 through 7.0.7 FortiProxy 2.0 all versions FortiProxy 1.2 all versions FortiProxy 1.1 all versions FortiProxy 1.0 all versions FortiSwitchManager version 7.2.0 through 7.2.2 FortiSwitchManager version 7.0.0 through 7.0.2 FortiOS version 7.2.0 through 7.2.3 FortiOS version 7.0.0 through 7.0.10 FortiOS version 6.4.0 through 6.4.12 FortiOS 6.2 all versions
Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above Please upgrade to FortiOS version 7.2.4 or above Please upgrade to FortiOS version 7.0.11 or above Please upgrade to FortiOS version 6.4.13 or above
AcknowledgementInternally discovered and reported by Goutham Rukmasah from Fortinet's FortiGuard Labs .
2023-03-21: Initial publication