Fortinet Certificate Revocation Vulnerability Advisory
This week, Fortinet announced a critical vulnerability in its SSL certificate revocation. Fortinet has strongly recommended that patching is carried out on the affected product sets.
Please see further information on this below:
Certificates taken out of service could potentially be improperly re-used.
Fortinet has already taken steps to mitigate the risk. To be clear, however, pursuant to this CRITICAL-level alert, Fortinet strongly recommends that customers apply the identified customer-side mitigations as shown under “Solutions” below.
Fortinet has advised that this is a Critical level alert. The following versions are affected:
- FortiOS 6.2.0
- FortiOS 6.0.5 and below
- FortiOS 5.6.9 and below
- FortiOS 5.4.11 and below
- FortiOS 5.2.13 and below
- FortiManager 6.2.0
- FortiManager 6.0.5 and below
- FortiManager 5.6.8 and below
- FortiManager 5.4.6 and below
- FortiAnalyzer 6.2.0
- FortiAnalyzer 6.0.5 and below
- FortiAnalyzer 5.6.8 and below
- FortiAnalyzer 5.4.6 and below
Fortinet has released a number of patches that cover installed versions of the affected firmware. Fortinet has advised that customers should implement the firmware and signature updates immediately.
For further information on this please see the link to the Vulnerability below: