The author of the vulnerability suggests that all information of traffic that is analyzed by "FortiGuard AntiVirus", "FortiGuard AntiSpam" and "FortiGuard Web Filter" is being transferred to Fortinet's server => really?
There is no limitation mentioned on the homepage of the author, i.e. "FortiCloud logging enabled".
We currently use:
- Fortigate Firewalls with FortiOS 6.0.7
- Web Rating Overrides
- SSL inspection is enabled
- Antivirus-Monitoring WITHOUT "FortiSandbox Cloud for Inspection"
- Anti-Spam WITHOUT "Spam Submission" option
We don't use:
- FortiCloud for logging
So I'm asking myself if we were ever affected by this issue at all? Does someone know more?
It looks like the 6.2.x GUI option under System / FortiGuard called "FortiGuard Filtering Protocol" has been back-ported to 6.0.8+. As Tanr noted and mentioned in the Upgrade Information of the release notes, you do have to set this manually (either by command line or in the GUI) to take advantage of secure FortiGuard communication if you are upgrading a config to 6.0.8. If you are starting with a fresh/new or factory-reset 6.0.8+ build, HTTPS is the new default instead of UDP.
"All FOS below 6.2.0 INCLUDING fos 6.0.7 are still affected with this vulnerability and the only available solution to mitigate this vulnerability for now would be to upgrade to FOS 6.2.0 onward. However, we have requested backport fix to have it included in FOS 6.0 but it is still under discussion with Engineering team."