FortiOS - Missing certificate CN/SAN validation leads to information disclosure
An improper validation of certificate with host mismatch vulnerability [CWE-297] in FortiOS may allow a connection to a malicious LDAP server via options in the GUI, leading to disclosure of sensitive information such as AD credentials.
Affected versions:
FortiGate version 7.0.1 and below.
FortiGate version 6.4.6 and below.
FortiGate version 6.2.9 and below.
Please upgrade to FortiGate version 7.0.2 or above.
Please upgrade to FortiGate version 6.4.7 or above.
Please upgrade to FortiGate version 6.2.10 or above.
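
The name check that CWE-297 refers to, shown as an added example (not Fortinet's code and not part of the advisory): the configured LDAP host is compared with the SAN entries of the server certificate, with the subject CN used only as a legacy fallback. The certificate dicts follow the layout of Python's `ssl.SSLSocket.getpeercert()`; the host names, addresses and certificates are constructed samples.

```python
import ipaddress

def dns_match(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name with the configured host name.
    A wildcard is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.example" cannot match.
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h

def cert_matches_host(cert: dict, configured_host: str) -> bool:
    """cert uses the dict layout returned by ssl.SSLSocket.getpeercert()."""
    sans = cert.get("subjectAltName", ())
    try:
        want_ip = ipaddress.ip_address(configured_host)
    except ValueError:
        want_ip = None
    if want_ip is not None:
        # An IP target matches only IP SAN entries, never DNS names or the CN.
        return any(k == "IP Address" and ipaddress.ip_address(v) == want_ip
                   for k, v in sans)
    dns_names = [v for k, v in sans if k == "DNS"]
    if dns_names:
        # DNS SANs are present, so the subject CN is not consulted.
        return any(dns_match(n, configured_host) for n in dns_names)
    # Legacy fallback for certificates that carry no DNS SAN: subject CN.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return any(dns_match(cn, configured_host) for cn in cns)

# Constructed sample data (assumptions, not values from the advisory).
LDAP_HOST = "ldap.corp.example"
GOOD_CERT = {"subject": ((("commonName", "dc01"),),),
             "subjectAltName": (("DNS", "*.corp.example"),
                                ("IP Address", "192.0.2.10"))}
# Issued for a different host; only the CN repeats the LDAP server's name.
MISMATCH_CERT = {"subject": ((("commonName", "ldap.corp.example"),),),
                 "subjectAltName": (("DNS", "www.other.example"),)}

if __name__ == "__main__":
    for name, cert in (("good", GOOD_CERT), ("mismatch", MISMATCH_CERT)):
        ok = cert_matches_host(cert, LDAP_HOST)
        print(name, "-> send bind credentials" if ok else "-> refuse connection")
```

In a real client this comparison belongs to the TLS library, alongside chain validation; for example, Python's `ssl.create_default_context()` enables `check_hostname` by default.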