An improper verification of cryptographic signature vulnerability [CWE-347] in FortiOS, FortiWeb, FortiProxy and FortiSwitch may allow an attacker who is able to intercept the administrative session management cookie to decrypt portions of it.
FortiOS versions 7.0.3 and below, FortiOS versions 6.4.8 and below, FortiOS 6.2 all versions, FortiOS 6.0 all versions
FortiWeb 6.4 all versions, FortiWeb versions 6.3.16 and below, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions, FortiWeb 6.0 all versions
FortiProxy versions 7.0.1 and below, FortiProxy versions 2.0.7 and below, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions
FortiSwitch versions 7.0.3 and below, FortiSwitch versions 6.4.10 and below, FortiSwitch 6.2 all versions, FortiSwitch 6.0 all versions
Upgrade to FortiOS version 7.0.4 or above. Upgrade to FortiOS version 6.4.9 or above.
Upgrade to FortiWeb version 7.0.0 or above. Upgrade to FortiWeb version 6.3.17 or above.
Upgrade to FortiProxy version 7.0.2 or above. Upgrade to FortiProxy version 2.0.8 or above.
Upgrade to FortiSwitch version 7.2.0 or above. Upgrade to FortiSwitch version 7.0.4 or above. Upgrade to FortiSwitch version 6.4.11 or above.