FortiOS fails to block malformed HTTP/S traffic when transparent proxy is enabled
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-20-172
Final
1
1
2021-01-21T00:00:00
Current version
2021-01-21T00:00:00
2021-01-21T00:00:00
When traffic other than HTTP/S (e.g. SSH traffic) traverses FortiOS on port 80/443, it is not redirected to the transparent proxy policy for processing, because it does not carry a valid HTTP header.
Operational Risk, Traffic Bypass
The issue is observed only when traffic is redirected to a transparent proxy policy. Affected versions: FortiOS 6.4.2 and below; FortiOS 6.2.5 and below.
Please upgrade to FortiOS version 6.4.3 or above.
Workaround:
To block invalid HTTP traffic on port 80, disable the tunnel-non-http setting:
    config web-proxy global
        set tunnel-non-http disable
    end
To block invalid HTTPS traffic on port 443, set the unsupported-ssl setting to "block":
    config firewall ssl-ssh-profile
        edit [profile-name]
            config https
                set ports 443
                set unsupported-ssl block
            end
        end
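A defender-side check for the two workaround settings above: it walks a FortiOS CLI configuration backup, records every "set" with its config/edit path, and reports where tunnel-non-http is not disabled or an ssl-ssh-profile's https section does not block unsupported SSL. This is an added example, not Fortinet code; the configuration excerpt is constructed for illustration and the profile names in it are hypothetical.

```python
# Constructed sample backup (not from a real device): one profile keeps a
# non-blocking unsupported-ssl value, the other has the advisory's setting.
SAMPLE_CONFIG = """\
config web-proxy global
    set tunnel-non-http enable
end
config firewall ssl-ssh-profile
    edit "deep-inspection"
        config https
            set ports 443
            set unsupported-ssl bypass
        end
    next
    edit "hardened"
        config https
            set ports 443
            set unsupported-ssl block
        end
    next
end
"""

def parse_settings(text):
    """Map 'config/edit path/setting' -> value for every 'set' line.

    'config' and 'edit' push a path element; 'end' and 'next' pop one,
    so both the 'next'/'end' form and the advisory's 'end'/'end' form parse."""
    path, settings = [], {}
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        if tok[0] in ("config", "edit"):
            path.append(" ".join(tok[1:]).strip('"'))
        elif tok[0] in ("end", "next"):
            path.pop()
        elif tok[0] == "set":
            settings["/".join(path + [tok[1]])] = " ".join(tok[2:])
    return settings

def audit(text):
    """Return a list of findings; an empty list means both workarounds are set."""
    s = parse_settings(text)
    findings = []
    if s.get("web-proxy global/tunnel-non-http") != "disable":
        findings.append("web-proxy global: tunnel-non-http is not set to 'disable'")
    prefix = "firewall ssl-ssh-profile/"
    profiles = dict.fromkeys(k[len(prefix):].split("/")[0] for k in s if k.startswith(prefix))
    for name in profiles:  # in order of appearance in the backup
        value = s.get(f"{prefix}{name}/https/unsupported-ssl", "<unset>")
        if value != "block":
            findings.append(f"ssl-ssh-profile '{name}': https unsupported-ssl is '{value}', not 'block'")
    return findings
```

A profile with no "set" lines at all under its https section is reported as "<unset>", since only an explicit "block" is accepted.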
Fortinet is pleased to thank Marko Winkler, Tobias Leydow, Marcus Schiefer and Sebastian Toth of T-Systems Multimedia Solutions GmbH for reporting this vulnerability under responsible disclosure.
FortiOS 6.2.4
CVE-2020-15938
FortiOS-6.2.4
3.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:W/RC:R
https://fortiguard.fortinet.com/psirt/FG-IR-20-172