Good morning,
Since 1 week ago, Forticlient EMS is reporting vulnerabilities in some Forticlient's own DLL libraries, as you can see in the attached screenshot:
We find it quite strange that Forticlient detects itself as vulnerable, when there is no new version of Forticlient.
We need some indication of how to proceed and why this vulnerability is being detected.
Thank you very much and best regards,
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
today I received answer on this problem:
This vulnerability is related to OpenSSL libraries used in FortiClient.
These OpenSSL libraries currently have a vulnerability, and will be upgraded to fix the vulnerability issue in the upcoming 7.4.1 GA release.
FortiClient 7.4.1 is scheduled to be released at the start of August 2024.
All dates are subject to change.
Hi, Marthen
Thank you for your response. I've noticed that several applications use this library. Until the update is released, we need to find a way to minimize this risk.
then you need to resolve it per application, since OpenSSL has continuously some vulnerabilities there will always some alerts because other vendors also didn't fix it asap. In my case I had 4 different openssl library versions in different apps.
Or you can try it to manually replace dlls with latest one and check if apps works if you think it's critical to mitigate risk.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.