Hi everyone,
we are using the free Forticlient 7.2.2.
Following versions do not have a security fix included (says Fortinet website and MS Defender vuln scan)
But in the path of the installation we have these DLLs:
Defender says - exposed to:
CVE-2024-2511 CVE-2023-5678 CVE-2023-6237 CVE-2024-0727 CVE-2023-5363 CVE-2023-4807
We are now urged to update to 7.2.4 (which fixes this problem) but comes with another one.
We are using SAML with Entra and if we install the newest version - the client stops at 40% and does not connect if we have more than 1 certificate in "personal certificates"
Question: Is the client vulnerable because the DLL is vulnerable? And if yes - why is there no info in the release notes of 7.2.4 then?
Best regards
Stephan
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @StephanG,
For information regarding vulnerabilities, please refer to https://www.fortiguard.com/encyclopedia/endpoint-vuln/76603
Regards,
This is what i found - but it does not mention a fix in 7.2.3+.
And as long as we cannot connect with 7.2.4 we cannot deploy it in our environment.
I see that there is already a thread for this behavior opened up:
Forticlient 7.2.4 trying to use certificates when ... - Page 3 - Fortinet Community
So we need to wait for the fix then.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1502 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.