FortiOS & FortiProxy – Firewall deny policy bypass

Fortiguard Security Advisory

An improper access control vulnerability [CWE-284] in FortiOS and FortiProxy may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.

READ MORE