FMG - FGT tunnel security vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-16-055 Final 1 1 2017-02-08T00:00:00 Current version 2017-02-08T00:00:00 2017-02-08T00:00:00 FortiManager does not properly validate TLS certificates when probing for devices to administer. This leads to potential pre-shared secret exposure. FortiManager does not properly validate TLS certificates when probing for devices to administer. This leads to potential pre-shared secret exposure. Information disclosure FortiManager 5.0.6 to 5.2.7 and 5.4.0 to 5.4.1. Upgrade to FMG 5.2.8 and 5.4.2 Fortinet is pleased to thank the AirBus security team for reporting this vulnerability under responsible disclosure CVE-2016-8495 0 https://fortiguard.fortinet.com/psirt/FG-IR-16-055 FMG - FGT tunnel security vulnerability Reference>