PT-2023-7424 · Fortinet · FortiGate, FortiOS

Published

2023-04-11

·

Updated

2023-04-18

·

CVE-2022-42469

CVSS v3.1

4.3

Medium

Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions
FortiGate (FortiOS) versions 7.2.3 and below
FortiGate (FortiOS) versions 7.0.9 and below
Description
The flaw is a permissive list of allowed inputs in the SSL-VPN web portal of FortiOS, the operating system of FortiGate firewalls. Because the portal's access control list does not properly constrain what a bookmark may point to, an authenticated SSL-VPN user can use bookmarks in the web portal to reach resources that the applicable policy should deny. Successful exploitation lets a remote attacker who already holds valid SSL-VPN credentials bypass existing access restrictions; the CVSS vector reflects this (PR:L, with an integrity impact only).

Recommendations
For FortiGate versions 7.2.3 and below, update to 7.2.4 or later (any version above 7.2.3). For FortiGate versions 7.0.9 and below, update to 7.0.10 or later (any version above 7.0.9). As a temporary workaround until the upgrade can be applied, restrict access to the SSL-VPN web portal or disable the use of bookmarks for authenticated SSL-VPN users.
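
As an added example (not part of the original advisory or of any Fortinet tooling), the following Python check classifies a FortiOS build against the two affected ranges stated above, so it can be run over the `get system status` output collected from a fleet of FortiGate devices. The `Version: ... vX.Y.Z,buildNNNN,...` line format is an assumption about that command's output, and the sample lines are constructed, not taken from real devices. Release branches the advisory does not mention are reported as "not covered" rather than as safe, because the page gives no information about them.

```python
import re
from typing import Optional, Tuple

# Affected ranges exactly as stated in the advisory: for each release
# branch, the highest affected patch release. Anything above it on the
# same branch carries the fix ("update to a version above 7.2.3 / 7.0.9").
# Branches absent from this table are not covered by the advisory text.
LAST_AFFECTED = {
    (7, 2): (7, 2, 3),
    (7, 0): (7, 0, 9),
}

# Assumed shape of the version token in `get system status` output, e.g.
# "Version: FortiGate-100F v7.2.3,build1262,221214 (GA.F)".
_VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")


def parse_fortios_version(status_output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from FortiOS `get system status` text."""
    m = _VERSION_RE.search(status_output)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version: Tuple[int, int, int]) -> str:
    """Classify a FortiOS version against the ranges in this advisory.

    Returns "vulnerable", "fixed", or "not covered" (branch not listed).
    """
    branch = version[:2]
    if branch not in LAST_AFFECTED:
        return "not covered"
    # Tuple comparison orders (major, minor, patch) lexicographically.
    return "vulnerable" if version <= LAST_AFFECTED[branch] else "fixed"


def assess_status_output(status_output: str) -> str:
    """Parse a status line and classify it; "unknown" if no version is found."""
    version = parse_fortios_version(status_output)
    if version is None:
        return "unknown"
    return assess(version)


# Constructed sample lines (hypothetical devices, not real inventory data).
SAMPLE_STATUS = [
    "Version: FortiGate-100F v7.2.3,build1262,221214 (GA.F)",
    "Version: FortiGate-60F v7.0.10,build0450,230222 (GA.F)",
    "Version: FortiGate-200E v6.4.11,build2030,221201 (GA.F)",
    "Version: FortiGate-VM64 v7.0.9,build0444,221212 (GA.F)",
]

if __name__ == "__main__":
    for line in SAMPLE_STATUS:
        print(f"{line}\n  -> {assess_status_output(line)}")
```

Feed the script the first lines of `get system status` from each device; a result of "not covered" is a prompt to consult the vendor advisory for that branch, not a clean bill of health.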

Related Identifiers

BDU:2023-08461
CVE-2022-42469

Affected Products

FortiGate
FortiOS