FortiEDR - Insecure RSA key transport


A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors.

Affected Products

FortiEDR version 4.0.0
FortiEDR version 5.0.0 through 5.0.2


Upgrade to FortiEDR version 5.0.3.


Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.