An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.
2023-12-13T08:15:50.920
2024-11-21T08:30:24.973
Modified
CVSSv3.1: 3.1 (LOW)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortiproxy | ≤ 2.0.12 | Yes |
| Application | fortinet | fortiproxy | ≤ 7.0.9 | Yes |
| Application | fortinet | fortiproxy | ≤ 7.2.3 | Yes |
| Operating System | fortinet | fortios | ≤ 6.4.14 | Yes |
| Operating System | fortinet | fortios | ≤ 7.0.13 | Yes |
| Operating System | fortinet | fortios | 7.2.0 | Yes |