Inquiry on FortiClient Self-Detected Vulnerabilities
Good morning,
For the past week, FortiClient EMS has been reporting vulnerabilities in some of FortiClient's own DLL libraries, as you can see in the attached screenshot:
We find it quite strange that FortiClient detects itself as vulnerable, when there is no new version of FortiClient.
We need some indication of how to proceed and why this vulnerability is being detected.
Thank you very much and best regards,
- Labels: FortiClient
Today I received an answer on this problem:
This vulnerability is related to OpenSSL libraries used in FortiClient.
These OpenSSL libraries currently have a vulnerability, and will be upgraded to fix the vulnerability issue in the upcoming 7.4.1 GA release.
FortiClient 7.4.1 is scheduled to be released at the start of August 2024.
All dates are subject to change.
Hi, Marthen
Thank you for your response. I've noticed that several applications use this library. Until the update is released, we need to find a way to minimize this risk.
Then you need to resolve it per application. Since OpenSSL continuously has some vulnerabilities, there will always be some alerts, because other vendors also didn't fix it ASAP. In my case I had 4 different OpenSSL library versions in different apps.
Or you can try to manually replace the DLLs with the latest ones and check whether the apps work, if you think it's critical to mitigate the risk.
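An added example, not part of the original thread and not Fortinet tooling: a PowerShell inventory of bundled OpenSSL DLLs, listing where each copy lives, the version resource it reports and who signed it, to support the per-application follow-up described above. The file-name patterns, search roots and output path are assumptions to adjust for your environment.

```powershell
# Added example: inventory OpenSSL DLLs shipped inside installed applications.
# Assumption: these name patterns cover the OpenSSL builds of interest
# (libcrypto/libssl for 1.1 and 3.x, libeay32/ssleay32 for older releases).
$patterns = 'libcrypto*.dll', 'libssl*.dll', 'libeay32.dll', 'ssleay32.dll'

# Assumption: applications are installed under the standard Program Files roots.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$found = Get-ChildItem -Path $roots -Include $patterns -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi  = $_.VersionInfo
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Directory   = $_.DirectoryName
            File        = $_.Name
            # Empty when the vendor's build carries no version resource.
            FileVersion = $vi.FileVersion
            Product     = $vi.ProductName
            # The signer shows which vendor shipped this copy (null if unsigned).
            Signer      = $sig.SignerCertificate.Subject
            # The hash lets you confirm later that an update replaced the file.
            SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# One row per DLL, grouped visually by version and location.
$found | Sort-Object FileVersion, Directory |
    Format-Table Directory, File, FileVersion, Signer -AutoSize -Wrap

# How many copies of each version are present across all applications.
$found | Group-Object FileVersion | Sort-Object Name |
    Select-Object @{ n = 'FileVersion'; e = { $_.Name } }, Count

# Keep a record to compare against after vendors ship updates.
# Assumption: output path is a placeholder.
$found | Export-Csv -Path .\openssl-dll-inventory.csv -NoTypeInformation
```

Run it from an elevated prompt so that protected application directories are readable; directories that cannot be read are skipped silently.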