Lack of client-side certificate validation when establishing secure connections with FortiGuard to download outbreakalert

Lack of client-side certificate validation when establishing secure connections with FortiGuard to download outbreakalert Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-502 Final 1 1 2023-04-11T00:00:00 Current version 2023-04-11T00:00:00 2023-04-11T00:00:00 An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources. None Execute unauthorized code or commands FortiManager version 7.2.0 through 7.2.1FortiManager version 7.0.0 through 7.0.6FortiManager version 6.4.8 through 6.4.10FortiManager 6.2 all versions are not affectedFortiAnalyzer version 7.2.0 through 7.2.1FortiAnalyzer version 7.0.0 through 7.0.6FortiAnalyzer version 6.4.8 through 6.4.10FortiAnalyzer 6.2 all versions are not affected Please upgrade to FortiManager version 7.2.2 or abovePlease upgrade to FortiManager version 7.0.6 or abovePlease upgrade to FortiManager version 6.4.11 or abovePlease upgrade to FortiAnalyzer version 7.2.2 or abovePlease upgrade to FortiAnalyzer version 7.0.6 or abovePlease upgrade to FortiAnalyzer version 6.4.11 or above Internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team. FortiAnalyzer 7.2.1 FortiAnalyzer 7.2.0 FortiAnalyzer 7.0.6 FortiAnalyzer 7.0.5 FortiAnalyzer 7.0.4 FortiAnalyzer 7.0.3 FortiAnalyzer 7.0.2 FortiAnalyzer 7.0.1 FortiAnalyzer 7.0.0 FortiAnalyzer 6.4.10 FortiAnalyzer 6.4.9 FortiAnalyzer 6.4.8 FortiManager 7.2.1 FortiManager 7.2.0 FortiManager 7.0.6 FortiManager 7.0.5 FortiManager 7.0.4 FortiManager 7.0.3 FortiManager 7.0.2 FortiManager 7.0.1 FortiManager 7.0.0 FortiManager 6.4.10 FortiManager 6.4.9 FortiManager 6.4.8 Lack of client-side certificate validation when establishing secure connections with FortiGuard to download outbreakalert CVE-2023-22642 FortiAnalyzer-7.2.1 FortiAnalyzer-7.2.0 FortiAnalyzer-7.0.6 FortiAnalyzer-7.0.5 FortiAnalyzer-7.0.4 FortiAnalyzer-7.0.3 FortiAnalyzer-7.0.2 FortiAnalyzer-7.0.1 FortiAnalyzer-7.0.0 FortiAnalyzer-6.4.10 FortiAnalyzer-6.4.9 FortiAnalyzer-6.4.8 FortiManager-7.2.1 FortiManager-7.2.0 FortiManager-7.0.6 FortiManager-7.0.5 FortiManager-7.0.4 FortiManager-7.0.3 FortiManager-7.0.2 FortiManager-7.0.1 FortiManager-7.0.0 FortiManager-6.4.10 FortiManager-6.4.9 FortiManager-6.4.8 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R https://fortiguard.fortinet.com/psirt/FG-IR-22-502 Lack of client-side certificate validation when establishing secure connections with FortiGuard to download outbreakalert Reference>