An improper certificate validation vulnerability [CWE-295] in FortiOS may allow an unauthenticated attacker in a Man-in-the-Middle position to decipher and alter the FortiLink communication channel between the FortiOS device and a FortiSwitch instance.
| Affected FortiOS versions | Solution |
|---|---|
| 7.4.0 through 7.4.1 | Upgrade to 7.4.2 or above |
| 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| 7.0 all versions | Migrate to a fixed release |
Acknowledgement
Fortinet is pleased to thank Christian Hilgers from Indevis for reporting this vulnerability under responsible disclosure.
2024-02-08: Initial publication