Fortinet Certificate Revocation Vulnerability

Written by The Integrity360 Team | 20 July 2019 18:27:18 Z

Fortinet Certificate Revocation Vulnerability Advisory

This week, Fortinet announced a critical vulnerability in its SSL certificate revocation. Fortinet has strongly recommended that patching is carried out on the affected product sets.

Please see further information on this below:

Summary

Certificates taken out of service could potentially be improperly re-used.

Impact detail

Fortinet has already taken steps to mitigate the risk. To be clear, however, pursuant to this CRITICAL-level alert, Fortinet strongly recommends that customers apply the customer-side mitigations identified under “Solutions” below.

Impact

Certificates taken out of service could potentially be improperly re-used.

Fortinet has advised that this is a Critical level alert.

Affected Products

  • FortiOS 6.2.0
  • FortiOS 6.0.5 and below
  • FortiOS 5.6.9 and below
  • FortiOS 5.4.11 and below
  • FortiOS 5.2.13 and below
  • FortiManager 6.2.0
  • FortiManager 6.0.5 and below
  • FortiManager 5.6.8 and below
  • FortiManager 5.4.6 and below
  • FortiAnalyzer 6.2.0
  • FortiAnalyzer 6.0.5 and below
  • FortiAnalyzer 5.6.8 and below
  • FortiAnalyzer 5.4.6 and below

Solutions

Fortinet has released a number of patches that cover installed versions of the affected firmware. Fortinet has advised that customers should implement the firmware and signature updates immediately.

More Information

For further information, see the vulnerability advisory linked below:

https://fortiguard.com/psirt/FG-IR-19-144