Lack of certificate verification when establishing secure connections to external end-points Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-239 Final 1 1 2022-05-03T00:00:00 Current version 2022-05-03T00:00:00 2022-05-03T00:00:00 An improper certificate validation vulnerability [CWE-295] in FortiOS may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms. None Information disclosure FortiOS version 6.0.0 through 6.0.14FortiOS version 6.2.0 through 6.2.10FortiOS version 6.4.0 through 6.4.8FortiOS version 7.0.0 Please upgrade to FortiOS version 7.0.1 or above.Please upgrade to FortiOS version 6.4.9 or above. CVE-2022-22306 4.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:R https://fortiguard.fortinet.com/psirt/FG-IR-21-239 Lack of certificate verification when establishing secure connections to external end-points Reference>