Bypassing FortiGate security profiles via SNI in Client Hello Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-091 Final 1 1 2022-03-01T00:00:00 Current version 2022-03-01T00:00:00 2022-03-01T00:00:00 An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS may allow a privileged attacker to disclose sensitive information via SNI Client Hello TLS packets. Improper access control All FortiOS versions are impacted by this vulnerability. Given that there is no systematic way to detect all exfiltration attempts and to exhaustively enumerate all possibilities offered by exfiltration channels, Fortinet has addressed the issue by releasing a set of IPS signatures:Python/SNICat.A!exploit https://www.fortiguard.com/encyclopedia/virus/10069638SNIcat.Data.Exfiltration.Tool https://www.fortiguard.com/encyclopedia/ips/50952 https://fortiguard.fortinet.com/psirt/FG-IR-20-091 Bypassing FortiGate security profiles via SNI in Client Hello https://community.fortinet.com/t5/FortiGate/Technical-Tip-Bypassing-FortiGate-web-filter-profile-by-using/ta-p/200212 https://community.fortinet.com/t5/FortiGate/Technical-Tip-Bypassing-FortiGate-web-filter-profile-by-using/ta-p/200212 CVE-2020-15936 2.6 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-091 Bypassing FortiGate security profiles via SNI in Client Hello Reference> https://community.fortinet.com/t5/FortiGate/Technical-Tip-Bypassing-FortiGate-web-filter-profile-by-using/ta-p/200212 https://community.fortinet.com/t5/FortiGate/Technical-Tip-Bypassing-FortiGate-web-filter-profile-by-using/ta-p/200212