with only one weird bugfix in the release notes:
529745 FortiOS 5.4.11
is no longer vulnerable to the following CVEReference: l CVE-2018-1338
https://docs.fortinet.com.../fortios-release-notes
sudo apt-get-rekt
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Beware, as this release has a major bug in SSL VPN. When uer is in multiple groups that grants different access in SSL VPN, only the first group is working. For example:
User x is in group vpn_a, and vpn_b, group vpn_a grants access to 1.1.1.1 and group vpn_b grants access to 2.2.2.2. After upgrading to 5.6.9, user can no longer access 2.2.2.2. After removing him from vpn_a group he can access 2.2.2.2 again.
Once again - our VPN gateway is broken after upgrade.
When it will be fixed? In 6 months? or 7? So I must live with vulnerable VPN till then?
Seriously, I don't have words for fortinets' QA. Because it does not exist!
I don't get this release. Only bug fix is:
529745 FortiOS 5.4.11 is no longer vulnerable to the following CVE Reference: CVE-2018-13382
Not sure how a 5.4.11 fix applies going from 5.6.8 to 5.6.9.
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
The 5.4.11 reference is a typo. It should read 5.6.9. You have an outdated copy of the release notes. Download the document again.
OK but anyway: where to find exact description/information about that CVE? I'm not finding any...
F.
indeed there is no CVE Record for: CVE-2018-1338
maybe another typo?
sudo apt-get-rekt
the_giraffe_that_wasnt_president wrote:No typo.indeed there is no CVE Record for: CVE-2018-1338
maybe another typo?
It's simply been reported as "responsible disclosure".
I applied this update on numerous 100D and 200D. No issues.
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
ddskier wrote:Of course no issues - it's a fix for one CVE (if you want to know about the details, ask your Fortinet representative).I applied this update on numerous 100D and 200D. No issues.
F.
Hello,
I am also interesting for Upgrade details and Release notes are for me primary source of knowledge about upgrade. When you look on any firmware upgrade cookbook released by Fortinet there is: make a backup and read the release notes. That why last time I am really dissapointed about 'quality' of release notes. On firmware 5.6.9 release notes was typo with 5.4.11 firmware version and NO informations about what is CVE-2018-13382.....
Yesterday was 5.4.11 release with this same CVE-2018-13382..... and guess what? still no info about that CVE. I checked on the mitre.org and just info about reservation.... So i decided to chat with technican from Fortinet. I wasted 20 minutes on queue and I received following information:
########
The vulnerability is about: SSL VPN user password modified. Currently, the CVE is reserved but not published. You should be able to find additional information with that on our PSIRT page [link]https://fortiguard.com/psirt[/link] once the information has been published. ########
I checked also PSIRT (https://fortiguard.com/psirt) and guess what? no info!
then technican said: it is not been updated yet!
So feel free to add more infos about that when you find out more details :)
Cheers!
Hi.
You got exactly the same information as I did - but I had only to write an email to my local Fortinet SE this time :)
Just wait and see...
F.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.