PSIRT

FortiOS - Improper verification of the user certificate's chain of trust in FortiGate when connecting to SSL-VPN

Summary

An improper following of a certificate's chain of trust vulnerability in FortiGate SSL-VPN may allow an LDAP user to connect to VPN with any certificate that is signed by a trusted Certificate Authority.

Affected Products

FortiGate version 6.4.2Â to 6.4.4.Â Â
FortiGate versions 5.6.x, 6.0.x and 6.2.x, 6.4.0 and 6.4.1 are NOT impacted by this vulnerability.

Solutions

Please upgrade to FortiGate Version 6.4.5 or above.
Please upgrade to FortiGate Version 7.0.0.

Acknowledgement

Fortinet is pleased to thank MarÃa Teresa MuÃ±oz Blanco from Vectoritcgroup for reporting this vulnerability under responsible disclosure.

IR Number	FG-IR-21-018
Date	Jun 1, 2021
Component	SSL-VPN
Severity	Medium
CVSSv3 Score	6.4
Impact	Impersonation
CVE ID	CVE-2021-24012
CVRF	Download

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

PSIRT

FortiOS - Improper verification of the user certificate's chain of trust in FortiGate when connecting to SSL-VPN

Summary

Affected Products

Solutions

Acknowledgement

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

About FortiGuard Labs

Partners

PSIRT

FortiOS - Improper verification of the user certificate's chain of trust in FortiGate when connecting to SSL-VPN

Summary

Affected Products

Solutions

Acknowledgement

Threat Intelligence
Center