Description
An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
Unchanged
RL
X
RC
X
Affected products
- fortinet / fortimail7.4.0 – 7.4.0
References
- VENDOR_ADVISORYhttps://fortiguard.com/psirt/FG-IR-23-439