PSIRT Advisory

ROCA: Vulnerable RSA key pair generation (CVE-2017-15361)

Summary

An old Infineon RSA library does not generate RSA key pairs properly, which may allow an attacker to infer a private key from the corresponding public key.

Impact

Breaking RSA encryption

Affected Products

The following Fortinet products are NOT affected:

FortiOS
FortiSwitch
FortiAP
FortiAnalyzer
FortiMail
FortiManager
FortiWeb
FortiToken
FortiAuthenticator

None of the products above use the affected Infineon RSA library or TPM chips.