PSIRT Advisory
Improper check for certificate revocation vulnerability
Summary
Certificates taken out of service could potentially be improperly re-used.
Impact detail
Fortinet has already taken steps to mitigate the risk; to be clear, however, given this CRITICAL-level alert, Fortinet strongly recommends that customers apply the customer-side mitigations identified under “Solutions” below.
Impact
Certificates taken out of service could potentially be improperly re-used
Affected Products
FortiOS 6.2.0
FortiOS 6.0.5 and below
FortiOS 5.6.9 and below
FortiOS 5.4.11 and below
FortiOS 5.2.13 and below
FortiManager 6.2.0
FortiManager 6.0.5 and below
FortiManager 5.6.8 and below
FortiManager 5.4.6 and below
FortiAnalyzer 6.2.0
FortiAnalyzer 6.0.5 and below
FortiAnalyzer 5.6.8 and below
FortiAnalyzer 5.4.6 and below
Solutions
NOTE: THE SEVERITY MEANS IT IS CRITICAL THAT CUSTOMERS IMMEDIATELY IMPLEMENT THE FIRMWARE UPDATE AND SIGNATURE UPDATE.
Fortinet is automatically implementing an IPS signature update for FortiOS to mitigate the risk and help protect customers.
In addition, it is strongly advised that customers apply the software update located at https://support.fortinet.com. The software should be updated manually, i.e., go to https://support.fortinet.com, download the appropriate firmware version listed below, and install it on your device (via TFTP, USB drive, etc.).
FortiOS 6.2.1
FortiOS 6.0.6
FortiOS 5.6.10
FortiOS 5.4.12
FortiOS 5.2.14
FortiManager 6.2.1
FortiManager 6.0.6
FortiManager 5.6.9
FortiManager 5.4.7
FortiAnalyzer 6.2.1
FortiAnalyzer 6.0.6
FortiAnalyzer 5.6.9
FortiAnalyzer 5.4.7
If you need assistance, or if you have observed any indicators that may be suspicious or indicators of compromise, please contact customer service at https://support.fortinet.com