FortiProxy is a web proxy server used by Fortinet to manage and filter incoming and outgoing network traffic. This vulnerability allows an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component, potentially leading to unauthorized access to sensitive data and system configuration.
You're affected if you use FortiProxy versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, or 7.2 all versions. To check if your instance is vulnerable, run the following command: grep -r "Automation Stitch" /etc/fortiproxy.conf
Note that FortiOS 7.4.0 through 7.4.7 and 7.2.0 through 7.2.11 are also affected, but the recommended fix is to upgrade to a fixed release.
Upgrade to FortiProxy 7.6.3 or above (follow this link for more information: https://docs.fortinet.com/upgrade-tool)
- For immediate mitigations:
- Restrict network access to your FortiProxy instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation