Fortinet Fortigate Policy-based NGFW SSL VPN mode doesn't filter accesses via Bookmarks (FG-IR-22-381)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-381 advisory. - A permissive list of allowed inputs vulnerability CWE-183 in FortiGate version 7.2.3 and below, version 7.0.9 and below...

CVE-2022-42469

A permissive list of allowed inputs vulnerability CWE-183 in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal...

Code injection

A permissive list of allowed inputs vulnerability CWE-183 in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal...

CVE-2022-42469

Fortinet CVE-2022-42469 corresp. to a permissive list of allowed inputs vulnerability in FortiGate Policy-based NGFW Mode. An authenticated SSL-VPN user could bypass policy via bookmarks in the FortiGate web portal on FortiGate versions 7.2.3 and below and 7.0.9 and below. The issue is addressed ...

Protect

A permissive list of allowed inputs vulnerability CWE-183 in FortiGate Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal...

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

While using the popular self-hosted web administration solution, CloudPanel from MGT-COMMERCE, Rapid7 researcher Tod Beardsley discovered three security concerns. The first, an issue involving the trustworthiness of the installation script provided by the vendor, was an instance of CWE-494:...