PSIRT Advisories

FortiEDR - Hardcoded AES key enables disabling local Collector

Summary

A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors may allow a local attacker to disable and uninstall the collectors from the endpoints within the same deployment.

Affected Products

FortiEDR version 4.0.0
FortiEDR version 5.0.0 through 5.0.2

Solutions

Upgrade to FortiEDR version 5.0.3

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.