FortiSOAR Unverified Password Change Vulnerability

MEDIUM (6.8) Patch Available

Threat Intelligence

Low Risk
EPSS Score: 0.04% chance of exploitation (percentile: 12%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

FortiSOAR is a cloud-based platform for automating and streamlining IT processes. This vulnerability allows an attacker who has already gained access to a victim's user account to reset the account credentials without being prompted for the account's password, potentially leading to unauthorized access to sensitive data.
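The pattern described above, as an added illustration that is not FortiSOAR code: a password-change handler that trusts the current session alone, next to a hardened one that re-authenticates with the current password, revokes outstanding tokens and writes an audit record (the names, the in-memory user object and the token set are constructed for this example).

```python
# Added example (not FortiSOAR code): the unverified-password-change weakness
# behind this advisory, shown as a vulnerable handler beside a hardened one.
# The User class, token set and audit list are constructed for illustration.
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor for the constructed store


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Derive a PBKDF2-HMAC-SHA256 hash; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Compare a candidate password against the stored hash in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


class User:
    def __init__(self, name: str, password: str):
        self.name = name
        self.salt, self.digest = hash_password(password)
        self.tokens = set()   # active session/API tokens (constructed)
        self.audit = []       # audit trail entries (constructed)


def change_password_vulnerable(user: User, new_password: str) -> bool:
    """Unverified change: whoever holds the session can rotate the credential."""
    user.salt, user.digest = hash_password(new_password)
    return True


def change_password_hardened(user: User, current_password: str, new_password: str) -> bool:
    """Hardened change: re-authenticate, revoke every token, record the event."""
    if not verify_password(current_password, user.salt, user.digest):
        user.audit.append(f"password_change_denied user={user.name}")
        return False
    user.salt, user.digest = hash_password(new_password)
    revoked = len(user.tokens)
    user.tokens.clear()   # a hijacked session must not outlive the credential rotation
    user.audit.append(f"password_changed user={user.name} tokens_revoked={revoked}")
    return True
```

The audit entries are the kind of event the "monitor for unauthorized token creation" and "audit admin account activity" mitigations below rely on.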

Am I affected?

Affected versions: 7.5.1, 7.6.2

If you don't recognise this software, you're probably not affected.

Affected Products

Fortinet / FortiSOAR

How to fix

  1. Upgrade to FortiSOAR 7.6.3 or above.
    • Solution: https://support.fortinet.com/fortios/ReleaseNotes/700
  2. Immediate mitigations:
    • Restrict network access to your FortiSOAR instance (firewall it from the public internet)
    • Audit admin account activity for suspicious access patterns
    • Monitor for unauthorized token creation
