Evasion by manipulating MIME attachment

Summary

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines may allow

an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.

Affected Products

FortiOS version 7.2.0
FortiOS version 7.0.0 through 7.0.6
FortiOS 6.4 all versions
FortiOS 6.2 all versions
FortiOS 6.0 all versions
FortiMail 7.2 all versions are not affected
FortiMail version 7.0.0 through 7.0.2
FortiMail version 6.4.0 through 6.4.6
FortiMail 6.2 all versions
FortiMail 6.0 all versions
AV Engine 6.4 all versions are not affected
AV Engine 6.2 all versions are not affected
AV Engine 6.0 all versions are not affected
AV Engine 6 all versions
AV Engine 4.4 all versions
AV Engine 2.0 all versions
AV Engine 0.4 all versions

Solutions

Please upgrade AV engine to version 6.00169 or above.
Please upgrade AV engine to version 6.00275 or above.

Please upgrade to FortiMail version 7.2.0 or above
Please upgrade to FortiMail version 7.0.3 or above
Please upgrade to FortiMail version 6.4.7 or above

Please upgrade to FortiOS version 7.0.8 or above.
Please upgrade to FortiOS version 7.2.2 or above.

Please upgrade FortiOS AV engine to version 6.00169 or above.
Please upgrade FortiOS AV engine to version 6.00275 or above.

Following AV engine are affected:

FortiOS running AV engine version 6.00168 and below.
FortiOS running AV engine version 6.00274 and below.

FortiMail running AV engine version 6.00168 and below.
FortiMail running AV engine version 6.00274 and below.

FortiClient running AV engine version 6.00168 and below.
FortiClient running AV engine version 6.00274 and below.

Timeline

2022-11-01: Initial publication