StephanG
New Contributor

Forticlient 7.2.2 with vulnerable OpenSSL Library DLLs in Path

Hi everyone,

We are using the free Forticlient 7.2.2.

The following versions do not have a security fix included (says the Fortinet website and the MS Defender vuln scan):

 

But in the path of the installation we have these DLLs:

 

[Screenshot: 2024-04-24_14h57_09.png]

 

Defender says - exposed to:
CVE-2024-2511, CVE-2023-5678, CVE-2023-6237, CVE-2024-0727, CVE-2023-5363, CVE-2023-4807

 

We are now urged to update to 7.2.4 (which fixes this problem), but it comes with another one.

We are using SAML with Entra, and if we install the newest version, the client stops at 40% and does not connect if we have more than 1 certificate in "personal certificates".

 

Question: Is the client vulnerable because the DLL is vulnerable? And if yes - why is there no info in the release notes of 7.2.4 then?

 

Best regards

Stephan

hbac
Staff

Hi @StephanG,

 

For information regarding vulnerabilities, please refer to https://www.fortiguard.com/encyclopedia/endpoint-vuln/76603

 

Regards, 

StephanG
New Contributor

This is what I found - but it does not mention a fix in 7.2.3+.

And as long as we cannot connect with 7.2.4 we cannot deploy it in our environment.
I see that there is already a thread for this behavior opened up:
Forticlient 7.2.4 trying to use certificates when ... - Page 3 - Fortinet Community
So we need to wait for the fix then.
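
Added example (not part of the thread and not Fortinet code): one way to check a scanner finding like the one above against the files on disk is to read the version banner that OpenSSL compiles into its libraries and compare it with the fixed version named in the advisory. The directory, the minimum version and the sample bytes are caller-supplied or constructed assumptions; nothing here is taken from a FortiClient installation.

```python
from __future__ import annotations

import re
import sys
from pathlib import Path

# Banner that OpenSSL compiles into its libraries, e.g. b"OpenSSL 3.0.8 7 Feb 2023".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)\s+(\d{1,2} [A-Z][a-z]{2} \d{4})")

# Constructed sample bytes standing in for a DLL's contents (not from FortiClient).
SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"OpenSSL 3.0.8 7 Feb 2023\x00" + b"\xff" * 8

def find_banners(data: bytes) -> list[tuple[str, str]]:
    """Return the distinct (version, build date) pairs found in raw file bytes."""
    seen = []
    for m in BANNER.finditer(data):
        pair = (m.group(1).decode(), m.group(2).decode())
        if pair not in seen:
            seen.append(pair)
    return seen

def version_key(version: str) -> tuple[int, int, int, str]:
    """Split '1.1.1t' or '3.0.8' into a tuple that sorts in release order."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if m is None:
        raise ValueError(f"not an OpenSSL version: {version!r}")
    return int(m[1]), int(m[2]), int(m[3]), m[4]

def is_older(version: str, minimum: str) -> bool | None:
    """Compare within one release branch; None when the branches differ."""
    v, lo = version_key(version), version_key(minimum)
    branch = 3 if lo[0] < 3 else 2  # 1.1.1x is a branch of its own; 3.0.x is 3.0
    if v[:branch] != lo[:branch]:
        return None  # needs the fixed version of that branch, not this one
    return v < lo

def scan_dir(root: str, minimum: str) -> list[tuple[str, str, str, bool | None]]:
    """Report (file, version, build date, older-than-minimum) per DLL with a banner."""
    rows = []
    for path in sorted(Path(root).rglob("*.dll")):
        for version, built in find_banners(path.read_bytes()):
            rows.append((path.name, version, built, is_older(version, minimum)))
    return rows

if __name__ == "__main__":
    # Arguments: <install dir> <fixed version from the advisory>; no arguments scans SAMPLE.
    rows = scan_dir(*sys.argv[1:3]) if len(sys.argv) == 3 else find_banners(SAMPLE)
    print(*rows, sep="\n")
```

The banner shows which OpenSSL build is shipped in the directory, which is the kind of evidence a file-based scan reports. Whether the application actually reaches the affected library functions is a separate question that the file alone does not answer.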
