Executive Risk Summary
"A critical vulnerability in Fortinet FortiAnalyzer and FortiManager products allows an attacker with knowledge of the admin's password to bypass multifactor authentication checks via submitting multiple crafted requests. This vulnerability affects multiple versions of FortiAnalyzer and FortiManager, including FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, and FortiManager 7.6.0 through 7.6.3."
Operational Audit Arsenal
Manual Verification Required
This is a non-Windows asset (Fortinet). Use the target asset details above to verify your version against vendor advisories.
Patch Impact Forecast
Moderate to High
Internal Work Notes
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Scope of Impact
Original NVD Description
"An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11, FortiManager Cloud 7.6.0 through 7.6.3, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2.2 through 7.2.10 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests."