FortiOS Static File Access Improper Authentication

MEDIUM (4.3) Patch Available

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 10%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Fortinet FortiGuard Labs discovered an improper authorization vulnerability in FortiOS and FortiProxy (affected versions are listed below) that lets an attacker who is already authenticated to one Virtual Domain (VDOM) retrieve static files belonging to other VDOMs via crafted HTTP or HTTPS requests. The weakness is in the access-control check on static file requests, not in login itself: the attacker needs valid credentials, but the web interface fails to confirm that the requested file belongs to a VDOM the account is permitted to access, so a VDOM-scoped admin can read content it should never see.

Am I affected?

Affected: FortiOS 7.4.0 through 7.4.1 and versions before 7.2.8; FortiProxy 7.4.0 through 7.4.8.
Check the running version from the CLI with: get system status (the Version line shows the model and the vX.Y.Z build), or from the System Information widget on the GUI dashboard. The issue is cross-VDOM, so it matters most on devices with multiple VDOMs and per-VDOM administrators. If you do not administer a FortiGate or FortiProxy appliance, you are not affected.
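The version check above, as an added example (not Fortinet code): it parses the Version line of `get system status`, decides whether the build falls inside the ranges this page lists, and names the first fixed release on that branch. The two CLI outputs embedded below are constructed for illustration; the "Version: <model> vX.Y.Z,build..." layout follows what the FortiOS CLI prints, but compare against your own device's output.

```python
"""Flag FortiOS / FortiProxy builds that fall in the affected ranges named on
this page, from the output of `get system status`.

Added example, not Fortinet code. Sample outputs are constructed.
"""
import re

# Half-open ranges [first_affected, first_fixed) per product, from the page:
#   FortiOS:    7.4.0 through 7.4.1, and "before 7.2.8" (read literally, so
#               every release below 7.2.8 is flagged; confirm older branches
#               against the vendor advisory rather than assuming they are safe)
#   FortiProxy: 7.4.0 through 7.4.8
AFFECTED_RANGES = {
    "FortiOS":    [((7, 4, 0), (7, 4, 2)), ((0, 0, 0), (7, 2, 8))],
    "FortiProxy": [((7, 4, 0), (7, 4, 9))],
}

# First release on each branch that the page treats as fixed. Branches not
# listed here have no fixed release named on the page; use the upgrade tool.
FIXED_IN = {
    "FortiOS":    {(7, 4): (7, 4, 2), (7, 2): (7, 2, 8)},
    "FortiProxy": {(7, 4): (7, 4, 9)},
}

VERSION_LINE = re.compile(
    r"^Version:\s*(?P<model>\S+)\s+v(?P<maj>\d+)\.(?P<min>\d+)\.(?P<patch>\d+)",
    re.MULTILINE,
)


def parse_status(output: str):
    """Return (product, (major, minor, patch)) from `get system status` text."""
    m = VERSION_LINE.search(output)
    if not m:
        raise ValueError("no 'Version:' line found in output")
    model = m.group("model")
    if model.startswith("FortiProxy"):
        product = "FortiProxy"
    elif model.startswith(("FortiGate", "FortiWiFi")):
        product = "FortiOS"
    else:
        raise ValueError(f"unrecognised model {model!r}")
    version = (int(m.group("maj")), int(m.group("min")), int(m.group("patch")))
    return product, version


def is_affected(product: str, version: tuple) -> bool:
    """True when the version lies inside any affected range for the product."""
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES[product])


def assess(output: str) -> dict:
    """Parse the CLI output and report affected status plus the fix target.

    upgrade_to is None when the build is not affected, or when the page names
    no fixed release on that branch (older FortiOS branches).
    """
    product, version = parse_status(output)
    affected = is_affected(product, version)
    fix = FIXED_IN[product].get(version[:2]) if affected else None
    return {"product": product, "version": version,
            "affected": affected, "upgrade_to": fix}


# Constructed sample outputs; model and build numbers are illustrative only.
SAMPLE_FORTIGATE = (
    "Version: FortiGate-100F v7.4.1,build2463,231003 (GA.F)\n"
    "Firmware Signature: certified\n"
)
SAMPLE_FORTIPROXY = (
    "Version: FortiProxy-VM64 v7.4.3,build0540,240101 (GA.F)\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_FORTIGATE, SAMPLE_FORTIPROXY):
        print(assess(sample))
```

Run it against the saved output of `get system status` from each managed device; any result with affected set to True and upgrade_to set to None means the page names no fixed build for that branch, so take the path the Fortinet upgrade tool gives you rather than guessing.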

Affected Products

Fortinet / FortiOS

How to fix

  1. FortiOS: upgrade to a release outside the affected ranges: 7.2.8 or later on the 7.2 branch, 7.4.2 or later on the 7.4 branch, or 7.6 or later.
  2. FortiProxy: upgrade to 7.4.9 or later.
  3. In either case, follow the recommended upgrade path rather than jumping straight to the target build: https://docs.fortinet.com/upgrade-tool
  4. Immediate mitigations if you cannot upgrade yet:
     - Restrict network access to the FortiOS and FortiProxy management and web interfaces (firewall them from the public internet). Because the attacker must already hold valid credentials, also limit the source addresses each admin account may log in from.
     - Audit admin account activity, especially VDOM-scoped administrators, for requests that do not match the VDOM the account is assigned to.
     - Monitor for unauthorized token creation.

References