FortiOS Domain Fronting Bypass

MEDIUM (5.3) Patch Available

Threat Intelligence

Low Risk
EPSS Score: 0.04% chance of exploitation (percentile: 14%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

FortiGate and FortiProxy are enterprise-level network security appliances used to protect networks from cyber threats. The vulnerability in question allows an unauthenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests, potentially leading to unauthorized access to sensitive data.

Am I affected?

You're affected if you use FortiOS 7.6.0 through 7.6.3 or FortiProxy 7.6.0 through 7.6.3. Check with: grep "domain fronting" /etc/config/fortiprop (Note: This command is specific to FortiOS and may not work for other versions of FortiProxy.)

Version info: Affected versions are listed in the vendor advisory, but it's unclear if there are any other versions that could be impacted. If you don't recognize FortiGate or FortiProxy, you're probably not affected.

Affected Products

Fortinet / FortiOS

How to fix

Upgrade to FortiOS 7.6.4 or above (solution can be found on Fortinet's upgrade tool).
- Workaround: set the domain-fronting option to the new value "strict", which blocks requests whose HTTP Host header and TLS SNI do not match, whether the Host is a domain name or an IP address:

config firewall profile-protocol-options
    edit "test"
        set comment "All default services."
        config http
            set ports 80
            unset options
            unset post-lang
            set domain-fronting strict    <----- new option (not default)
        end
    next
end
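The two checks this page describes, the version test from "Am I affected?" and a review of the profile-protocol-options workaround above, as an added Python example written for this page (it is neither Fortinet's tooling nor part of the advisory). It assumes a FortiOS CLI configuration export in text form. SAMPLE_CONFIG is constructed, the value "block" in it is only a constructed stand-in for any setting other than "strict", and the affected ranges are the ones stated on this page.

```python
import re
import shlex

# Inclusive affected ranges, as stated in the advisory above.
AFFECTED_RANGES = {
    "FortiOS": ((7, 6, 0), (7, 6, 3)),
    "FortiProxy": ((7, 6, 0), (7, 6, 3)),
}

# Constructed sample in FortiOS CLI syntax (not a real device backup). Only the
# "test" profile carries the advisory's workaround; the others show what the
# audit flags. "block" is a constructed stand-in for a non-strict value, and the
# misplaced line under "config firewall policy" checks that the parser only
# counts settings inside profile-protocol-options.
SAMPLE_CONFIG = """\
config firewall profile-protocol-options
    edit "test"
        set comment "All default services."
        config http
            set ports 80
            unset options
            unset post-lang
            set domain-fronting strict
        end
    next
    edit "legacy"
        config http
            set ports 80
            set domain-fronting block
        end
    next
    edit "untouched"
        config http
            set ports 80
        end
    next
end
config firewall policy
    edit 1
        set name "wan-in"
        set domain-fronting strict
    next
end
"""

PROFILE_TABLE = ("config", "firewall profile-protocol-options")


def parse_version(text):
    """Pull (major, minor, patch) out of strings like 'v7.6.2,build3510' or '7.6.4'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(product, version_text):
    """True when the product version lies inside the advisory's affected range."""
    low, high = AFFECTED_RANGES[product]
    return low <= parse_version(version_text) <= high


def audit_domain_fronting(config_text):
    """Map each profile-protocol-options profile to its 'set domain-fronting'
    value from 'config http', or None when the line is absent (the device
    default, which the advisory says is not 'strict')."""
    results = {}
    stack = []        # open blocks, innermost last: ("config", name) / ("edit", name)
    profile = None    # name of the profile-protocol-options entry being read
    for raw in config_text.splitlines():
        tokens = shlex.split(raw)   # handles quoted names such as edit "test"
        if not tokens:
            continue
        keyword = tokens[0]
        if keyword == "config":
            stack.append(("config", " ".join(tokens[1:])))
        elif keyword == "edit":
            stack.append(("edit", tokens[1]))
            if len(stack) == 2 and stack[0] == PROFILE_TABLE:
                profile = tokens[1]
                results.setdefault(profile, None)
        elif keyword == "next":
            if stack and stack[-1][0] == "edit":
                stack.pop()
            if len(stack) == 1:
                profile = None
        elif keyword == "end":
            if stack and stack[-1][0] == "config":
                stack.pop()
        elif keyword == "set" and len(tokens) >= 3 and tokens[1] == "domain-fronting":
            # Only count the setting inside the profile's own "config http" block.
            if profile is not None and stack[-1] == ("config", "http"):
                results[profile] = tokens[2]
    return results


def non_strict_profiles(config_text):
    """Names of profiles that do not apply the advisory's 'strict' workaround."""
    return sorted(name for name, value in audit_domain_fronting(config_text).items()
                  if value != "strict")


if __name__ == "__main__":
    for product, version in (("FortiOS", "v7.6.2,build3510"), ("FortiOS", "7.6.4")):
        print(f"{product} {version}: affected={is_affected(product, version)}")
    for name, value in audit_domain_fronting(SAMPLE_CONFIG).items():
        print(f"profile {name!r}: domain-fronting={value or 'default (not strict)'}")
    print("needs attention:", non_strict_profiles(SAMPLE_CONFIG))
```

Point audit_domain_fronting at a saved configuration export instead of SAMPLE_CONFIG to review a real appliance. A profile reported as None has never had the option set and therefore inherits the non-strict default, so it belongs on the same list as profiles with an explicit non-strict value; the version check is only a first filter, since the page notes the advisory may not list every impacted version.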

Immediate mitigations:
- Restrict network access to your FortiGate/Proxy instance (firewall it from the public internet).
- Audit admin account activity for suspicious access patterns.
- Monitor for unauthorized token creation.

References