Headline
CVE-2022-38381: Fortiguard
An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request.
** PSIRT Advisories**
FortiADC - WAF XSS Injection Bypass
Summary
An improper handling of malformed request vulnerability [CWE-228] in FortiADC may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request.
Affected Products
FortiADC version 7.0.0 through 7.0.2
FortiADC version 6.2.0 through 6.2.3
FortiADC version 6.1.0 through 6.1.6
FortiADC version 6.0.0 through 6.0.4
FortiADC version 5.4.0 through 5.4.5
FortiADC version 5.3.0 through 5.3.7
FortiADC version 5.2.0 through 5.2.8
FortiADC version 5.1.0 through 5.1.7
FortiADC version 5.0.0 through 5.0.4
Solutions
Please upgrade to FortiADC version 7.1.0 or above
Please upgrade to FortiADC version 7.0.3 or above
Please upgrade to FortiADC version 6.2.4 or above
Acknowledgement
Fortinet is pleased to thank Almas Zhurtanov and Tom Tervoort from Secura for bringing this issue to our attention under responsible disclosure.