FortiIsolator -- Unauthorized user able to regenerate CA certificate


An improper access control vulnerability [CWE-284] in FortiIsolator may allow an authenticated, non-privileged attacker to regenerate the CA certificate via the regeneration URL.

Affected Products

FortiIsolator versions 2.3.2 and below.


Please upgrade to FortiIsolator version 2.3.3 or above.
Please upgrade to FortiIsolator version 2.4.0 or above.


Fortinet is pleased to thank Danilo Costa from Conviso Application Security for reporting this vulnerability under responsible disclosure.