emalayan
Staff
February 3, 2026

Troubleshooting Tip: FortiGate GUI Displays Critical Vulnerability Alert Despite Workaround Applied

Description

This article describes how to suppress the critical vulnerability notification in the FortiGate GUI that may continue to appear even after a valid workaround has been applied. For example, administrators might still see an upgrade warning for a FortiOS critical vulnerability (such as FG-IR-25-647 or FG-IR-26-060) when logging in to the GUI, despite FortiCloud SSO authentication being disabled on the firewall.

Scope

FortiOS.

Solution

The warning is generated by Fortinet’s Security Rating feature, which assesses vulnerability exposure solely based on the FortiGate firmware version and does not take applied workarounds into account. As a result, the GUI alert is triggered whenever the installed firmware falls within a vulnerable version range.

If upgrading to a non-affected FortiOS version is not currently feasible and the warning needs to be suppressed, automatic Security Rating checks can be disabled and the existing vulnerability results cleared by following the steps below.

To disable automatic Security Rating checks via the CLI:

FortiOS v7.4 and below:

config system global
    set security-rating-run-on-schedule disable
end

To clear the vulnerability result, run the following command:

diagnose report-runner vuln-clean

FortiOS v7.6 and above:

diagnose report-runner-v2 security-rating clean

 

Note:

The vulnerability cleanup commands provided above will clear the current upgrade warning. However, if FortiOS becomes exposed to a newly discovered vulnerability, the warning banner will reappear with the updated vulnerability notification.

Important note:

Disabling automatic Security Rating checks is not recommended and should be done with caution. If this feature is disabled, it is strongly recommended to run Security Rating checks manually on a regular basis.
Manually trigger a Security Rating check by navigating to Security Fabric -> Security Rating -> Run Now, or use the CLI command 'diagnose report-runner trigger'.

Alternatively, use an automation stitch with a CLI script action to schedule the Security Rating checks and receive the output via email. Refer to this article for a configuration guide: Technical Tip: Configuring CLI script for Automation under Security Fabric to receive email.
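
A device with scheduled checks disabled no longer runs Security Rating on its own, so it is worth tracking which firewalls are in that state. The following Python audit over configuration backups is an added example, not part of the original article or Fortinet tooling; it reports where `security-rating-run-on-schedule` is disabled and which of the article's cleanup commands matches the firmware branch. Assumptions: the `#config-version=` header layout, a missing key meaning the default `enable`, and the constructed sample backups.

```python
import re

# Cleanup commands as given in this article, keyed by FortiOS branch.
CLEAN_CMD = {"7.4-": "diagnose report-runner vuln-clean",
             "7.6+": "diagnose report-runner-v2 security-rating clean"}

def parse_backup(text):
    """Return (version tuple or None, top-level 'config system global' settings)."""
    # Assumed header format: #config-version=<model>-<maj>.<min>.<patch>-FW-build...
    m = re.search(r"^#config-version=\S*?-(\d+)\.(\d+)\.(\d+)-", text, re.M)
    version = tuple(map(int, m.groups())) if m else None
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line)          # entering a (possibly nested) block
        elif line == "end" and stack:
            stack.pop()                 # leaving the innermost block
        elif stack == ["config system global"] and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2].strip('"')
    return version, settings

def audit(name, text):
    version, settings = parse_backup(text)
    # Assumption: a key absent from the backup means the default, "enable".
    schedule = settings.get("security-rating-run-on-schedule", "enable")
    branch = None if version is None else ("7.6+" if version[:2] >= (7, 6) else "7.4-")
    return {"device": name,
            "version": ".".join(map(str, version)) if version else "unknown",
            "scheduled_rating": schedule,
            "needs_manual_rating": schedule == "disable",
            "clean_cmd": CLEAN_CMD.get(branch)}

# Constructed sample backups (not taken from real devices).
SAMPLES = {
    "edge-fw-01": """#config-version=FGT60F-7.4.8-FW-build0000-000000:opmode=0:vdom=0:user=admin
config system global
    set security-rating-run-on-schedule disable
end
""",
    "core-fw-02": """#config-version=FGT100F-7.6.3-FW-build0000-000000:opmode=0:vdom=0:user=admin
config system global
    set hostname "core-fw-02"
end
""",
}
REPORT = [audit(dev, cfg) for dev, cfg in SAMPLES.items()]
```

Devices reported with `needs_manual_rating` set to `True` are the ones that depend on the manual or stitch-driven checks described above.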

 

Related document: