Forticlient 7.2.2 with vulnerable OpenSSL Library DLLs in Path
Hi everyone,
We are using the free FortiClient 7.2.2.
The following versions do not have a security fix included (says the Fortinet website and the MS Defender vuln scan).
But in the path of the installation we have these DLLs:
Defender says - exposed to:
CVE-2024-2511, CVE-2023-5678, CVE-2023-6237, CVE-2024-0727, CVE-2023-5363, CVE-2023-4807
We are now urged to update to 7.2.4 (which fixes this problem), but it comes with another one.
We are using SAML with Entra, and if we install the newest version, the client stops at 40% and does not connect if we have more than 1 certificate in "personal certificates".
Question: Is the client vulnerable because the DLL is vulnerable? And if yes - why is there no info in the release notes of 7.2.4 then?
Best regards
Stephan
- Labels: FortiClient
Hi @StephanG,
For information regarding vulnerabilities, please refer to https://www.fortiguard.com/encyclopedia/endpoint-vuln/76603
Regards,
This is what I found - but it does not mention a fix in 7.2.3+.
And as long as we cannot connect with 7.2.4 we cannot deploy it in our environment.
I see that there is already a thread for this behavior opened up:
Forticlient 7.2.4 trying to use certificates when ... - Page 3 - Fortinet Community
So we need to wait for the fix then.