Unauthenticated Access to Protected Hosts via Crafted HTTP Requests in Fortinet FortiWeb

CVE-2021-36190 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

An unintended proxy or intermediary ('confused deputy') vulnerability in Fortinet FortiWeb versions 6.4.1 and below, and 6.3.15 and below, allows an unauthenticated attacker to access protected hosts via crafted HTTP requests.