jmiezitis
New Contributor II

Clarity for PSIRT advisory FG-IR-23-446

Please advise if the vulnerability affects forwarded traffic or only local traffic to the FortiGate.

Any advice on workarounds would be appreciated as well.

Thank you.

DPadula
Staff

Hi jmiezitis, 

 

You can check the link: https://www.fortiguard.com/psirt/FG-IR-23-446

You need to upgrade your device, as advised. 

jmiezitis
New Contributor II

The advice is to upgrade to a "feature" version. We are running "mature", and previous Fortinet advice has been to run "mature" versions in production environments.

Thoughts?

DPadula

 

Fortinet recommends using the mature version, as you mentioned, but in this case a vulnerability was discovered in it, so to fix it you need to upgrade to a feature version, and the feature version has the fix for FG-IR-23-446.

On the link sent, the severity of this vulnerability is marked as low. You are the right person, once you know your environment, to decide whether you should take the risk of running a mature version affected by FG-IR-23-446 or upgrade to a feature version that has a fix for it.

 

If you feel that you need some help, the Fortinet TAM team offers a service called software upgrade recommendation (with bug scrub). That might be what you are looking for.
Here is a link that explains those services: https://community.fortinet.com/t5/Customer-Service/Technical-Tip-Support-Portal-Advanced-Services-Re...

jmiezitis
New Contributor II

I accept that it is a decision I need to make; however, I need more information to be able to make that call.

 

Does the vulnerability affect forwarded traffic or only local traffic to the FortiGate?

jmiezitis
New Contributor II

After spending a lot of time looking into this, I think the clarification I need is around the terminology "IP blocklist". Is this specifically referring to "External Connector/IP Address" feeds?

DPadula

Hi jmiezitis,

I believe it is just the list of IPs that are blocked, no matter how (local-in policy or normal firewall policy). I requested clarification from our internal team regarding your previous question, but I haven't heard back yet. If you have access to Fortinet support, just raise a ticket; this will speed up the process.
