Fortinet FortiOS and FortiProxy Improper Certificate Validation Vulnerability in ZTNA Proxy

Vulnerability

An improper certificate validation weakness has been identified in the ZTNA proxy of Fortinet FortiOS and FortiProxy: a certificate whose host name does not match the host being connected to (a host mismatch) is not rejected as it should be. Affected releases are FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, all 7.2 releases and all 7.0 releases, and FortiProxy 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, all 7.2 releases and all 7.0 releases. Because a mismatched certificate is accepted, an unauthenticated attacker in a man-in-the-middle position may be able to intercept and tamper with connections to the ZTNA proxy.

Impact

Exploitation could let an attacker who is positioned on the network path read and alter traffic on connections to the ZTNA proxy, since the TLS layer no longer guarantees that the peer presenting the certificate is the intended host. The result is unauthorized access to, or modification of, that traffic. No authentication is needed, but the attacker must already be able to interpose on the connection; the weakness removes the certificate check that would otherwise expose the interposition.
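What "accepting a host mismatch" means in practice, as an added Go example that is not Fortinet's code and makes no claim about how FortiOS or FortiProxy implement TLS: a constructed in-memory CA issues a server certificate valid only for ztna.example.com. VerifyChainOnly (the weak pattern) accepts that certificate no matter which host was dialled, which is exactly what a man-in-the-middle holding any valid certificate needs; VerifyForHost additionally requires the certificate's names to match the dialled host and rejects ztna.example.net. The host names, the CA and the function names are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// LegitHost is the name the constructed server certificate is issued for.
// A man-in-the-middle presents a certificate for some name they control;
// the client must notice that it is not the host it dialled.
const LegitHost = "ztna.example.com" // assumption: illustrative host name

// Scenario holds a constructed private CA and a leaf certificate it issued.
// Everything is generated in memory for this example; none of it is Fortinet data.
type Scenario struct {
	CA   *x509.Certificate
	Leaf *x509.Certificate
}

// issue signs tmpl with parentKey under parent and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewScenario builds a throwaway CA and a server certificate valid only for LegitHost.
func NewScenario() (*Scenario, error) {
	now := time.Now()
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example ZTNA Root (constructed)"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	ca, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey) // self-signed root
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: LegitHost},
		DNSNames:     []string{LegitHost}, // the only name this certificate is valid for
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, err := issue(leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return &Scenario{CA: ca, Leaf: leaf}, nil
}

func (s *Scenario) roots() *x509.CertPool {
	pool := x509.NewCertPool()
	pool.AddCert(s.CA)
	return pool
}

// VerifyChainOnly checks that the certificate chains to a trusted root and is
// within its validity period, but never compares its names with the dialled
// host. Weak pattern: any certificate the CA issued for any name is accepted
// for every host, so a MITM only needs some valid certificate.
func VerifyChainOnly(s *Scenario) error {
	_, err := s.Leaf.Verify(x509.VerifyOptions{Roots: s.roots()})
	return err
}

// VerifyForHost additionally requires the certificate to be valid for
// dialledHost (SAN match, including x509 wildcard rules). This is the check a
// TLS client must perform for the certificate to say anything about who is
// on the other end of the connection.
func VerifyForHost(s *Scenario, dialledHost string) error {
	_, err := s.Leaf.Verify(x509.VerifyOptions{Roots: s.roots(), DNSName: dialledHost})
	return err
}

// IsHostMismatch reports whether err is specifically a host-name mismatch
// rather than another chain failure (expiry, unknown issuer, bad key usage).
func IsHostMismatch(err error) bool {
	var he x509.HostnameError
	return errors.As(err, &he)
}

func main() {
	s, err := NewScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("chain only, any host accepted:     ", VerifyChainOnly(s))
	fmt.Println("host check, dialled ztna.example.com:", VerifyForHost(s, LegitHost))
	fmt.Println("host check, dialled ztna.example.net:", VerifyForHost(s, "ztna.example.net"))
}
```

In a real Go client the equivalent weak setting is `tls.Config{InsecureSkipVerify: true}` with a custom `VerifyPeerCertificate` that only rebuilds the chain; the hardened form is to leave `ServerName` set and let the standard verifier run, so the DNSName comparison above happens automatically.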

Remediation

Upgrade FortiOS to 7.6.3 or later, or 7.4.9 or later; no fixed build is listed for the 7.2 and 7.0 branches, so systems on those branches should migrate to one of the fixed releases. For FortiProxy, upgrade to 7.6.2 or later, or 7.4.9 or later, and likewise migrate off the 7.2 and 7.0 branches. Confirm the running build on each device before and after the upgrade (on the FortiOS CLI, `get system status` reports the installed version and build), and until the upgrade is applied treat any network path to the ZTNA proxy that an attacker could sit on as untrusted, since the TLS certificate check cannot be relied on to expose an interposed host.

Added: Oct 14, 2025, 4:31 PM
Updated: Oct 14, 2025, 11:10 PM

Vulnerability Rating

Custom Algorithm

spread          6.8
impact          1.3
exploitability  5.6
remediation     7.7
relevance       0.7
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.