Fortinet FortiWeb is a web security appliance used to protect networks from cyber threats. This vulnerability allows an attacker to forge authentication cookies, potentially leading to unauthorized access to sensitive data and system configuration.
Fortinet FortiWeb is a web security appliance used to protect networks from cyber threats. This vulnerability allows an attacker to forge authentication cookies, potentially leading to unauthorized access to sensitive data and system configuration.
You're affected if you use A reliance on cookies without validation and. Affected versions: 7.0.11, 7.4.10, 7.6.5, 8.0.1, 7.2.11 If you don't recognise this software, you're probably not affected.
Upgrade to FortiWeb 8.0.2 or above from the official Fortinet website: https://support.fortinet.com/support/knowledgebase/Article/000088111
- Immediate mitigations:
- Restrict network access to your FortiWeb instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation