3rd party component upgrade required for security reasons: OpenSSL Security Advisory [26 Jan 2017] Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-17-019 Final 1 1 2018-07-13T00:00:00 Current version 2018-07-13T00:00:00 2018-07-13T00:00:00 The OpenSSL project released an advisory on Jan 26th, 2017, describing 3 Moderate, 1 Low severity vulnerabilities, as listed below: Truncated packet could crash via OOB read (CVE-2017-3731)Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)Montgomery multiplication may produce incorrect results (CVE-2016-7055) Denial of service FortiOS versions 5.4.5 and below are impacted by CVEs:CVE-2017-3732CVE-2016-7055FortiAnalyzer versions 5.4.2 and below are impacted by CVEs:CVE-2017-3731CVE-2017-3732FortSwitch versions 3.5.2 and below are impacted by CVEs:CVE-2017-3731CVE-2017-3732CVE-2016-7055FortiAP versions 5.4.2 and below are potentially impacted by these CVEs:CVE-2017-3731CVE-2016-7055 For FortiOS: Upgrade to firmware version at least 5.4.6, 5.6.0For FortiAnalyzer: Upgrade to firmware version at least 5.4.3 or 5.6.0For FortiSwitch: Upgrade to firmware version at least 3.5.3 or 3.6.0For FortiAP: Upgrade to firmware version at least 5.4.3 or 5.6.0 https://fortiguard.fortinet.com/psirt/FG-IR-17-019 3rd party component upgrade required for security reasons: OpenSSL Security Advisory [26 Jan 2017] https://www.openssl.org/news/secadv/20170126.txt https://www.openssl.org/news/secadv/20170126.txt CVE-2016-7055 CVE-2017-3730 CVE-2017-3731 CVE-2017-3732 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-17-019 3rd party component upgrade required for security reasons: OpenSSL Security Advisory [26 Jan 2017] Reference> https://www.openssl.org/news/secadv/20170126.txt https://www.openssl.org/news/secadv/20170126.txt