CVE-2020-15938 : Security Advisory and Response

Fortinet FortiOS versions 6.4.2 and 6.2.5 are affected by a vulnerability that allows non-HTTP/S traffic to bypass the transparent proxy policy when passing through FortiGate on port 80/443.

Understanding CVE-2020-15938

This CVE involves a traffic bypass issue in Fortinet FortiOS versions 6.4.2 and 6.2.5.

What is CVE-2020-15938?

When non-HTTP/S traffic (e.g., SSH) goes through FortiGate below versions 6.2.5 and 6.4.2 on port 80/443, it is not directed to the transparent proxy policy due to the lack of a valid HTTP header.

The Impact of CVE-2020-15938

CVSS Base Score: 4 (Medium Severity)
Attack Complexity: High
Attack Vector: Network
Integrity Impact: Low
Scope: Changed
This vulnerability poses a moderate risk, allowing traffic to bypass security controls.

Technical Details of CVE-2020-15938

This section provides more technical insights into the CVE.

Vulnerability Description

The vulnerability allows non-HTTP/S traffic to evade the transparent proxy policy on FortiGate, potentially exposing the network to unauthorized access.

Affected Systems and Versions

Affected Product: Fortinet FortiOS
Affected Versions: 6.4.2, 6.2.5

Exploitation Mechanism

The issue arises when traffic other than HTTP/S passes through FortiGate on port 80/443 without a valid HTTP header, circumventing the transparent proxy policy.

Mitigation and Prevention

Protect your systems from CVE-2020-15938 with the following steps:

Immediate Steps to Take

Update Fortinet FortiOS to a patched version that addresses the vulnerability.
Monitor and restrict non-HTTP/S traffic to prevent bypassing security controls.

Long-Term Security Practices

Regularly review and update firewall policies to enhance network security.
Implement network segmentation to limit the impact of potential bypass attempts.

Patching and Updates

Apply patches provided by Fortinet to fix the vulnerability and prevent traffic bypass issues.