FortiADC & FortiDDoS-F - CORS: arbitrary origin trusted
Summary
A permissive cross-domain policy with untrusted domains (CWE-942) vulnerability in the API of FortiADC / FortiDDoS-F may allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.
Version | Affected | Solution |
---|---|---|
FortiDDoS-F 6.5 | Not affected | Upgrade to 6.5.0 or above |
FortiDDoS-F 6.4 | 6.4.0 through 6.4.1 | Upgrade to 6.4.2 or above |
FortiDDoS-F 6.3 | 6.3 all versions | Migrate to a fixed release |
FortiADC 7.2 | Not affected | Upgrade to 7.2.0 or above |
FortiADC 7.1 | 7.1.0 through 7.1.1 | Upgrade to 7.1.2 or above |