An inconsistent interpretation of HTTP requests ('HTTP request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged HTTP request through the firewall policies via a specially crafted header.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | LOW |
| Availability Impact | NONE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary | CWE-444 |
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| fortinet | fortios | * | * | Operating System |
| fortinet | fortios | * | * | Operating System |
| fortinet | fortios | 7.6.0 | * | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* |