Skip to main content
boneyard
boneyard
Valued Contributor
July 25, 2019
Question

FG-IR-19-144 more information available?

  • July 25, 2019
  • 2 replies
  • 5962 views

https://fortiguard.com/psirt/FG-IR-19-144

https://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=FD45293

 

How are people acting on this? Are you upgrading / have already upgraded? How have you upgraded?

 

The advisory is quite vague in explanation of the issue and quite strong in the advise to upgrade NOW in my opinion. If it just involves a failure to properly check revoked certificates then that would mainly affect client cert authentication (yes it affects server certificates but exploits there would involve some man in the middle magic). Which you can easily check if you use it and then don't choose to upgrade. but if it would be just that i can't imagine a advisory of this level.

 

Next to that the interesting line on the manual upgrade. Mentioning TFTP and USB, but not mentioning HTTPS (regular file upload), so is that OK or not. Why would you omit the most common way (next to download from FortiGuard) if it is allowed.

 

PS: I have a ticket with support open, but looking for community input.

    2 replies

    gurumul
    gurumul
    New Member
    July 25, 2019

    Pretty bad description indeed. Could be OCSP, CRL request ... or updates to FortiGuard Servers ... or ...

     

    How can an administrator decide to upgrade or not based on the provided information?

     

    Thanks for providing us your ticket output.

    FortiOSman
    FortiOSman
    New Member
    July 25, 2019

    Bump

    FortiOSman
    FortiOSman
    New Member
    July 25, 2019

    It looks like one of their workarounds is the IPS signature, and looking into that sig, they specify revoked Fortinet certificates.  So I would assume as long as you arent using Fortinet certs for anything you should be fine. 

     

    I wont be rushing to upgrade for this. 

     

    https://fortiguard.com/encyclopedia/ips/48207

    boneyard
    boneyardAuthor
    Valued Contributor
    July 26, 2019

    the whole situation feels kinda weird. critical bulletin, but medium IPS signature.

     

    support did say it only involves Fortinet certificates indeed. they also indicated it mainly revolving about authentication with certificates.

     

    still if that is it, why the critical bulletin, don't get it.

    Terms & ConditionsAccessibility statement