Fortinet Certificate Revocation Vulnerability Advisory
This week, Fortinet announced a critical vulnerability in their SSL certificate revocation. Fortinet has strongly recommended that patching is carried out on the affected product sets.
Please see further information on this below:
Summary
Certificates taken out of service could potentially be improperly re-used.
Impact detail
Fortinet has already taken steps to mitigate the risk. To be clear, however, pursuant to this CRITICAL-level alert, Fortinet strongly recommends that customers apply the identified customer-side mitigations as shown under “Solutions” below.
Impact
Certificates taken out of service could potentially be improperly re-used.
Fortinet has advised that this is a Critical level alert.
Affected Products
- FortiOS 6.2.0
- FortiOS 6.0.5 and below
- FortiOS 5.6.9 and below
- FortiOS 5.4.11 and below
- FortiOS 5.2.13 and below
- FortiManager 6.2.0
- FortiManager 6.0.5 and below
- FortiManager 5.6.8 and below
- FortiManager 5.4.6 and below
- FortiAnalyzer 6.2.0
- FortiAnalyzer 6.0.5 and below
- FortiAnalyzer 5.6.8 and below
- FortiAnalyzer 5.4.6 and below
Solutions
Fortinet has released a number of patches that cover the installed versions of the affected firmware. Fortinet has advised that customers should implement the firmware and signature updates immediately.
More Information
For further information on this please see the link to the Vulnerability below: