FortiWAN - Guessable static JSON web token secret
Summary
*PRODUCT OUT OF SUPPORT*
An improper authentication vulnerability [CWE-287] in FortWAN may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values.
Affected Products
FortiWAN version 5.2.0 through 5.2.1FortiWAN version 5.1.1 through 5.1.2
Solutions
This product is end of life and no longer supported. Please consider replacing with an equivalent FortiGate appliance as approriate.