PSIRT Advisories

Improper check for certificate revocation vulnerability

Summary

Certificates taken out of service could potentially be improperly re-used. 

Impact detail

Fortinet has already taken steps to mitigate the risk; to be clear however, pursuant to this CRITICAL-level alert, Fortinet strongly recommends that customers upgrade the identified customer-side mitigations as shown under “Solutions” below.

Affected Products

FortiOS 6.2.0

FortiOS 6.0.5 and below

FortiOS 5.6.9 and below

FortiOS 5.4.11 and below

FortiOS 5.2.13 and below

FortiManager 6.2.0 

FortiManager 6.0.5 and below

FortiManager 5.6.8 and below

FortiManager 5.4.6 and below

FortiAnalyzer 6.2.0 

FortiAnalyzer 6.0.5 and below

FortiAnalyzer 5.6.8 and below

FortiAnalyzer 5.4.6 and below

Solutions

NOTE: THE SEVERITY MEANS IT IS CRITICAL THAT CUSTOMERS IMMEDIATELY IMPLEMENT THE FIRMWARE UPDATE AND SIGNATURE UPDATE.

Fortinet is automatically implementing an IPS signature update for FortiOS to mitigate the risk and help protect customers.   

In addition, it is strongy advised that customers apply the software update located at: https://support.fortinet.com  The software should be updated manually: I.e., go to https://support.fortinet.com, download the appropriate firmware version, above, and install it on your device (via tftp, USB drive, etc.).

FortiOS 6.2.1

FortiOS 6.0.6 

FortiOS 5.6.10 

FortiOS 5.4.12

FortiOS 5.2.14

FortiManager 6.2.1

FortiManager 6.0.6

FortiManager 5.6.9

FortiManager 5.4.7

FortiAnalyzer 6.2.1

FortiAnalyzer 6.0.6

FortiAnalyzer 5.6.9

FortiAnalyzer 5.4.7

If you need assistance, or if customers  have experienced any indicators that may be suspicious or indicators of compromise please contact customer service at https://support.fortinet.com