=====================================================================

                            CERT-Renater

                    Note d'Information No. 2021/VULN102
____________________________________________________________________

DATE                : 02/03/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : FortiOS.

=====================================================================
https://www.fortiguard.com/psirt/FG-IR-20-091
_____________________________________________________________________

IR Number 	FG-IR-20-091
Date 	        Mar 1, 2022
CVSSv3 Score 	2.6
Impact 	        Improper access control
CVE ID   	CVE-2020-15936

FortiOS - Bypassing FortiGate security profiles via SNI in Client Hello


Summary

An exposure of sensitive information to an unauthorized actor 
vulnerability [CWE-200] in FortiOS may allow a privileged attacker to 
disclose sensitive information via SNI Client Hello TLS packets.

  Affected Products

FortiOS version 6.4.3 and below
FortiOS version 6.2.5 and below
FortiOS version 6.0.11 and below
  Solutions

Given that there is no systematic way to detect all exfiltration 
attempts and to exhaustively enumerate all possibilities offered by 
exfiltration channels, Fortinet has addressed the issue by releasing a 
set of signatures:

     Python/SNICat.A!exploit
     https://www.fortiguard.com/encyclopedia/virus/10069638

     SNIcat.Data.Exfiltration.Tool
     https://www.fortiguard.com/encyclopedia/ips/50952

  References

 
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Bypassing-FortiGate-web-filter-profile-by-using/ta-p/200212


=========================================================
+ CERT-RENATER      | tel : 01-53-94-20-44              +
+ 23/25 Rue Daviel  | fax : 01-53-94-20-41              +
+ 75013 Paris       | email:cert@support.renater.fr     +
=========================================================