Fortinet PSIRT Advisory FG-IR-18-100

Forum|Forum|6 years ago
November 26, 2019
1 reply
17597 views

Hello Fortinet users,

have you read https://fortiguard.com/psirt/FG-IR-18-100 and https://seclists.org/bugtraq/2019/Nov/38 already?

The author of the vulnerability suggests that all information of traffic that is analyzed by "FortiGuard AntiVirus", "FortiGuard AntiSpam" and "FortiGuard Web Filter" is being transfered to Fortinet´s server => really?

There is no limitation mentioned on the homepage of the author, i.e. "FortiCloud logging enabled".

We currently use: - Fortigate Firewalls with FortiOS 6.0.7 - Web Rating Overrides - SSL inspection is enabled - Antivirus-Monitoring WITHOUT "FortiSandbox Cloud for Inspection" - Anti-Spam WITHOUT "Spam Submission" option We don´t use: - FortiCloud for logging So I´m ask myself if we were ever affected by this issue at all? Does someone knows more?

6.0

Best answer by boneyard

and kinda weird that the responsible disclosure seemed to have "waited" for the fix in 6.0.7 which then doesn't be the case, communication didnt go optimal here unfortunately.

hoping on that 6.0.x fix to make everyone at ease. the issue doesnt feel that bad, but you want it solved.

tanr

New Member

The PSIRT says 6.0.7 is still vulnerable, but the seclist says 6.0.7 is one of the "Solution" versions.

Anybody have a direct answer on this from Fortinet?

alex_buric

New Member

Solutions

Upgrade to FortiOS 6.2.0 Upgrade to FortiClientWindows 6.2.0 Upgrade to FortiClientMac 6.2.2

tanr

New Member

Yes, that's from the PSIRT, and in the seclist entry it says:

Solution: --------- The vendor provides updated versions for the affected products: * FortiOS 6.0.7 or 6.2.0 * FortiClientWindows 6.2.0 * FortiClientMac 6.2.2

Note that 6.2.x is not a solution for most. I don't consider it stable enough to use in production yet.

Solutions

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded