Early Access — Mondoo Vulnerability Intelligence is currently in preview.
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.
Exploitability
AV:NAC:LPR:LUI:NScope
S:UImpact
C:NI:LA:N4.3/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NOther