Hardcoded cryptographic key in the FortiGuard services communication protocol
Summary
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a man-in-the-middle attacker with knowledge of the key to eavesdrop on and modify the information sent to and received from FortiGuard servers by decrypting these messages (URL/SPAM services in FortiOS 5.6, URL/SPAM/AV services in FortiOS 6.0, and URL rating in FortiClient).
Affected Products
All versions below FortiOS 6.0.8
All versions below FortiOS 5.6.12
All versions below FortiClientWindows 6.2.0
All versions below FortiClientMac 6.2.2
Solutions
Upgrade to FortiOS 6.0.8 or later, or to FortiOS 5.6.12, then manually change the configuration to use TLS as the communication protocol with FortiGuard servers after the upgrade (see https://docs.fortinet.com/document/fortigate/6.0.8/fortios-release-notes/901852/fortiguard-protocol-and-port-number), or do a fresh install to get the new default, which is the TLS-based system.
For the AV communication exposure on FortiOS 6.0 and above, the only impact is if outbreak protection is enabled in the antivirus profile settings; this is the only part of AV which makes a real-time FortiGuard request.
Upgrade to FortiClientWindows 6.2.0 or FortiClientMac 6.2.2, then change the EMS configuration in the Endpoint Profile to use "FortiGuard Anycast". The new option is provided in the Web Filter tab as well as the System Settings tab.
Acknowledgement
Fortinet is pleased to thank Stefan Viehböck - SEC Consult Vulnerability Lab for reporting this under responsible disclosure.
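The fix described under Solutions is not complete on upgraded FortiOS units until the FortiGuard protocol setting has actually been switched to TLS, so a fleet-wide check of the running configuration is worth having. The following script is an added example, not Fortinet code or part of this advisory: it parses the text of the `config system fortiguard` block as printed by the FortiOS CLI and flags devices still on the legacy (hardcoded-key) protocol. It assumes the option names `protocol` (values `udp`, `http`, `https`) and `port` documented in the release notes linked above; the sample dumps are constructed, not captured from real devices. A device whose dump shows no explicit `set protocol` line is reported as "unknown" rather than "ok", because after an upgrade the effective default is whatever the pre-upgrade value was and must be confirmed on the box.

```python
"""Audit FortiOS 'config system fortiguard' blocks for the legacy FortiGuard protocol.

Added example, not Fortinet code. Assumes the FortiOS 6.0.8+ CLI options
'set protocol {udp|http|https}' and 'set port <n>' under 'config system fortiguard'
as described in the release notes linked from the advisory. Sample dumps are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample dumps (not captured from real devices): what
# 'show system fortiguard' might print on three hypothetical FortiGates.
SAMPLE_DUMPS: Dict[str, str] = {
    "fgt-branch-01": (
        "config system fortiguard\n"
        "    set protocol udp\n"
        "    set port 53\n"
        "end\n"
    ),
    "fgt-dc-01": (
        "config system fortiguard\n"
        "    set protocol https\n"
        "    set port 443\n"
        "end\n"
    ),
    # Upgraded device where nobody touched the setting: the dump shows no
    # 'set protocol' line, so the effective value is the pre-upgrade default
    # and has to be confirmed on the box itself.
    "fgt-legacy-02": (
        "config system fortiguard\n"
        "    set port 8888\n"
        "end\n"
    ),
}

TLS_PROTOCOLS = {"https"}          # TLS-based FortiGuard communication
LEGACY_PROTOCOLS = {"udp", "http"}  # hardcoded-key protocol covered by the advisory
SETTING_RE = re.compile(r"^\s*set\s+(\S+)\s+(.+?)\s*$")


def parse_fortiguard_block(dump: str) -> Dict[str, str]:
    """Return the 'set <key> <value>' pairs inside 'config system fortiguard ... end'."""
    settings: Dict[str, str] = {}
    inside = False
    for line in dump.splitlines():
        stripped = line.strip()
        if stripped == "config system fortiguard":
            inside = True
            continue
        if inside and stripped == "end":
            break
        if inside:
            m = SETTING_RE.match(line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings


@dataclass
class Finding:
    device: str
    protocol: Optional[str]
    port: Optional[str]
    verdict: str  # "ok" (TLS), "legacy" (hardcoded-key protocol), or "unknown"


def assess(device: str, settings: Dict[str, str]) -> Finding:
    """Classify one device's FortiGuard settings; missing protocol is never assumed safe."""
    protocol = settings.get("protocol")
    port = settings.get("port")
    if protocol in TLS_PROTOCOLS:
        verdict = "ok"
    elif protocol in LEGACY_PROTOCOLS:
        verdict = "legacy"
    else:
        verdict = "unknown"
    return Finding(device, protocol, port, verdict)


def audit(dumps: Dict[str, str]) -> List[Finding]:
    """Assess every device dump, in device-name order for stable reporting."""
    return [assess(dev, parse_fortiguard_block(dump)) for dev, dump in sorted(dumps.items())]


def needs_attention(findings: List[Finding]) -> List[str]:
    """Devices that must be reconfigured (legacy) or manually verified (unknown)."""
    return [f.device for f in findings if f.verdict != "ok"]


if __name__ == "__main__":
    results = audit(SAMPLE_DUMPS)
    for f in results:
        print(f"{f.device:15} protocol={f.protocol or '-':6} port={f.port or '-':5} -> {f.verdict}")
    print("Devices to fix or verify:", ", ".join(needs_attention(results)))
```

In practice the dumps would be collected with the device's own CLI over an authenticated management session and fed to `audit`; the only devices that need no further action are those reported "ok", i.e. with `set protocol https` explicitly present.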