Fortinet FortiOS LDAP Authentication Bypass Vulnerability in Agentless VPN and FSSO

Vulnerability

A vulnerability allowing authentication bypass in Fortinet FortiOS versions 7.6.0 to 7.6.4 has been identified. This vulnerability exists in the fnbamd component and may allow an unauthenticated attacker to bypass LDAP authentication for Agentless VPN or FSSO policies, depending on the configuration of the remote LDAP server.

Impact

Exploitation of this vulnerability could lead to improper access control, allowing unauthorized users to bypass authentication mechanisms and potentially gain access to restricted resources or functionalities.

Remediation

Upgrade Fortinet FortiOS to version 7.6.5 or above; Fortinet's upgrade tool can assist with this process. As an additional step, unauthenticated binds can be disabled on the LDAP server. For example, in Windows Active Directory (Windows Server 2019 and later), this can be done with a PowerShell command that denies unauthenticated binds.
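The Active Directory hardening step mentioned above, as an added PowerShell example that is not part of the original advisory: it follows Microsoft's documented method of adding DenyUnauthenticatedBind=1 to the msDS-Other-Settings attribute of the Directory Service object in the Configuration partition, plus a check function (Test-UnauthenticatedBindDenied, my own helper name) so the script can be re-run safely. It assumes the ActiveDirectory module (RSAT) is installed and the session runs as an account permitted to modify the Configuration partition.

```powershell
# Added example: deny unauthenticated LDAP binds forest-wide on Active Directory
# (Windows Server 2019 or later). An unauthenticated bind is a simple bind that
# sends a DN with an empty password (RFC 4513, section 5.1.2); a directory that
# answers it with success is what lets a naive client-side check be fooled.
Import-Module ActiveDirectory

# The setting lives on the Directory Service object of the Configuration NC,
# inside the multi-valued attribute msDS-Other-Settings.
$rootDse    = Get-ADRootDSE
$objectPath = 'CN=Directory Service,CN=Windows NT,CN=Services,{0}' -f $rootDse.ConfigurationNamingContext
$flag       = 'DenyUnauthenticatedBind=1'

function Test-UnauthenticatedBindDenied {
    # Returns $true when the deny flag is already present on the object.
    $obj = Get-ADObject -Identity $objectPath -Properties 'msDS-Other-Settings'
    return [bool]($obj.'msDS-Other-Settings' -contains $flag)
}

if (Test-UnauthenticatedBindDenied) {
    Write-Host "Unauthenticated binds are already denied ($flag present)."
} else {
    # -Add appends to the multi-valued attribute, preserving its other entries.
    Set-ADObject -Identity $objectPath -Add @{ 'msDS-Other-Settings' = $flag }
    Write-Host "Added $flag to msDS-Other-Settings on $objectPath"
}

# Read the attribute back to confirm the change.
Get-ADObject -Identity $objectPath -Properties 'msDS-Other-Settings' |
    Select-Object -ExpandProperty 'msDS-Other-Settings'
```

Because the object sits in the Configuration naming context, the setting applies to every domain controller in the forest once it replicates.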

Added: Feb 10, 2026, 4:22 PM
Updated: Feb 10, 2026, 4:22 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 5.0
exploitability: 6.6
remediation: 7.9
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.