jwade
New Member
April 15, 2025
Question

FG-IR-24-111 Solution Coming?


I've been watching this alert to see if a solution is posted for the version we are running. I'm wondering though if the note for versions below 7.6 means that the only solution for them is to migrate to 7.6 or if there is a fixed version of the earlier versions in the works.

2 replies

Toshi_Esumi
SuperUser
April 15, 2025

Can't tell at this moment with only this info. You wouldn't get the answer you're looking for unless you open a TAC case, ask specifically "if the vulnerability fix would be included in 7.x.x", and press them hard that you need it. Then TAC would ask Eng/DEV whether the fix is planned for 7.x.x or not.
Since the severity is low, my guess is it wouldn't be included in 6.4.x at least.

Toshi

jwade
Author
New Member
April 15, 2025

Thanks. I'm on a 7.0.x release and so figure it may be time to move up anyway. I thought about opening a TAC case, but decided to post here first so any response/info would be shared with all.
The Low severity is good, but the breadth of it, affecting every (current) version below 7.6 is a bit concerning.

sjoshi
Staff
April 15, 2025

Hi Jwade,
An internal Mantis ticket has already been opened with the development team.

Currently the fix is in v7.6.0.
The fix for v7.2 and v7.4 is yet to be confirmed by the development team.
Thanks, Salon

pminarik
Staff
April 16, 2025

The abuse scenario is a malicious FortiGate administrator with read-write access to "config user ldap" changing the configuration so that the LDAP server IP address points to an IP they control, in order to capture the LDAP service account credentials from a received bindRequest.
Is this a valid concern for you?
From one point of view, you could argue that an administrator with read-write permissions to "config user ldap" by definition has been given access to that config section, password included.
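For anyone who does consider the scenario above a concern, the practical control is to watch for changes to the LDAP server address in "config user ldap" and compare the new value against the directory servers you actually operate. The following is an added example (not Fortinet's code or anything from this thread) that does that over FortiGate-style key=value configuration-change event lines; the sample log lines, the `APPROVED_LDAP_SERVERS` list and the `cfgattr="server[old->new]"` layout are constructed assumptions for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Addresses of the directory servers you legitimately bind to (constructed placeholder).
APPROVED_LDAP_SERVERS = [ip_network("10.10.0.0/24")]

# Matches key=value pairs, with values either double-quoted or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample lines in the shape of FortiGate configuration-change events.
SAMPLE_LOGS = [
    'date=2025-04-16 time=10:01:02 type="event" subtype="system" user="admin" '
    'ui="https(192.0.2.10)" cfgpath="user.ldap" cfgobj="corp-ldap" '
    'cfgattr="server[10.10.0.5->203.0.113.7]" msg="Edit user.ldap corp-ldap"',
    'date=2025-04-16 time=10:05:00 type="event" subtype="system" user="ops" '
    'ui="ssh(192.0.2.11)" cfgpath="user.ldap" cfgobj="corp-ldap" '
    'cfgattr="server[203.0.113.7->10.10.0.5]" msg="Edit user.ldap corp-ldap"',
    'date=2025-04-16 time=10:06:00 type="event" subtype="system" user="ops" '
    'cfgpath="firewall.policy" cfgobj="12" cfgattr="action[deny->accept]"',
]

def parse_fortigate_log(line):
    """Turn one key=value event line into a dict of field -> value."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}

def ldap_server_change(fields):
    """Return (old, new) when the event edits the 'server' attribute of a
    user.ldap object, otherwise None (cfgattr layout is an assumption)."""
    if fields.get("cfgpath") != "user.ldap":
        return None
    m = re.fullmatch(r"server\[(.*?)->(.*?)\]", fields.get("cfgattr", ""))
    return (m.group(1), m.group(2)) if m else None

def is_approved(addr):
    """True only if addr parses as an IP inside an approved network."""
    try:
        return any(ip_address(addr) in net for net in APPROVED_LDAP_SERVERS)
    except ValueError:          # hostnames or garbage are treated as unapproved
        return False

def find_suspicious_ldap_changes(lines):
    """Flag every LDAP server edit whose new target is not an approved server."""
    alerts = []
    for line in lines:
        fields = parse_fortigate_log(line)
        change = ldap_server_change(fields)
        if change and not is_approved(change[1]):
            alerts.append({"admin": fields.get("user"), "object": fields.get("cfgobj"),
                           "old": change[0], "new": change[1]})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_ldap_changes(SAMPLE_LOGS):
        print(alert)
```

Only the first sample line is flagged: it redirects the bind target to an address outside the approved network, while the second line restores it and the third is not an LDAP change at all.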