Fortinet FortiOS and FortiProxy Authentication Vulnerability Allowing Login with Invalid PKI Certificates

Vulnerability

A vulnerability exists in Fortinet FortiOS versions 7.6.0 to 7.6.1, 7.4.0 to 7.4.5, 7.2.0 to 7.2.10, and prior to 7.0.16, as well as FortiProxy versions 7.6.0 to 7.6.1, 7.4.0 to 7.4.8, 7.2.0 to 7.2.13, and prior to 7.0.20. This vulnerability, classified as a missing critical step in authentication (CWE-304), allows an API user to log in using an API key and a PKI user certificate, even if the certificate is invalid.

Impact

Exploitation of this vulnerability could lead to improper access control: because an invalid PKI user certificate is not rejected during API authentication, an unauthorized user could gain access that the certificate check was meant to deny.

Remediation

Users can upgrade Fortinet FortiOS to versions 7.6.3, 7.4.6, 7.2.11, or 7.0.17, depending on their current version. Fortinet FortiProxy users should upgrade to versions 7.6.2, 7.4.9, 7.2.14, or 7.0.21, based on their existing version. Consult the Fortinet upgrade tool for guidance.
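As an added example (not code from the advisory or from Fortinet), the following Python check walks a constructed inventory and reports which FortiOS and FortiProxy builds fall inside the affected ranges stated above, together with the fixed release for that branch; the inventory format, host names and the "v7.x.y build..." version strings are assumptions.

```python
# Added example: flag inventory entries whose FortiOS/FortiProxy build is affected.
from typing import Optional

# (lowest affected, highest affected, fixed release); None lower bound = "prior to".
AFFECTED = {
    "FortiOS": [
        ((7, 6, 0), (7, 6, 1), (7, 6, 3)),
        ((7, 4, 0), (7, 4, 5), (7, 4, 6)),
        ((7, 2, 0), (7, 2, 10), (7, 2, 11)),
        (None, (7, 0, 15), (7, 0, 17)),
    ],
    "FortiProxy": [
        ((7, 6, 0), (7, 6, 1), (7, 6, 2)),
        ((7, 4, 0), (7, 4, 8), (7, 4, 9)),
        ((7, 2, 0), (7, 2, 13), (7, 2, 14)),
        (None, (7, 0, 19), (7, 0, 21)),
    ],
}

def parse_version(text: str) -> tuple:
    """Accept 'v7.4.3', '7.4.3' or 'v7.4.3 build2573' -> (7, 4, 3)."""
    parts = text.strip().lstrip("vV").split()[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def required_upgrade(product: str, version: str) -> Optional[str]:
    """Return the fixed release if `version` is affected, otherwise None."""
    v = parse_version(version)
    for low, high, fix in AFFECTED[product]:
        if (low is None or v >= low) and v <= high:
            return ".".join(map(str, fix))
    return None

# Constructed sample inventory (host,product,version); not real devices.
SAMPLE_INVENTORY = """\
fw-edge-01,FortiOS,v7.4.3
fw-edge-02,FortiOS,v7.0.17
proxy-01,FortiProxy,v7.2.13
proxy-02,FortiProxy,v7.6.2
fw-lab-01,FortiOS,v6.4.14
"""

def check_inventory(csv_text: str) -> list:
    """Return (host, product, version, fix) for every affected entry."""
    rows = [tuple(f.strip() for f in ln.split(",", 2))
            for ln in csv_text.splitlines() if ln.strip()]
    return [(h, p, v, fix) for h, p, v in rows
            if (fix := required_upgrade(p, v)) is not None]
```

Running `check_inventory(SAMPLE_INVENTORY)` lists three affected hosts; the 6.4.14 entry is reported because the advisory's "prior to 7.0.16" range has no lower bound.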

Added: Jul 8, 2025, 5:54 PM
Updated: Jul 8, 2025, 5:54 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 5.0
exploitability: 4.4
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.