FortiOS - Improper authentication following read-only user login

Summary

An improper authentication vulnerability [CWE-287] in FortiOS when configured with FortiAuthenticator in HA may allow an authenticated attacker with at least read-only permission to gain read-write access via successive login attempts.

Affected Products

FortiOS version 7.4.0 through 7.4.1
FortiOS version 7.2.0 through 7.2.6
FortiOS version 7.0.0 through 7.0.12

Solutions

Please upgrade to FortiOS 7.4.2 or above
Please upgrade to FortiOS 7.2.7 or above
Please upgrade to FortiOS 7.0.13 or above


Workaround: Disable push notifications for FortiAuthenticator.

For RADIUS Authentication (from FortiAuthenticator):

RADIUS Service > Policies > (select policy) > Authentication Factors > Advanced Options > Allow FortiToken Mobile push notifications (disable)

Timeline

2024-02-22: Initial publication