PSIRT Advisories
VM images lack an integrity check of the file system at boot time
Summary
The VM appliance does not verify the integrity of its root file system at boot. An attacker with read/write access to the VM image (before it is booted) may therefore inject malicious implants into the image, and they will be executed on boot without being detected.
Affected Products
FortiOS VM all versions below 6.0.5 (CVE-2019-5587)
FortiManager VM version 6.2.0, 6.0.6 and below (CVE-2019-6695)
Solutions
Upgrade to FortiOS VM versions 6.0.5 or 6.2.0
Upgrade to FortiManager VM versions 6.0.7 or 6.2.1
Workarounds:
Verify the VM image's integrity before deploying it by comparing its SHA-512 checksum with the checksum listed for that image on https://support.fortinet.com/ (downloads section).
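The workaround above can be scripted. The following Python, added here as an example and not part of Fortinet's advisory, streams the image file, computes its SHA-512 and compares it with the digest copied from the support portal; the sample image contents, the "tampered" copy and the file names in demo() are constructed placeholders.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB reads, so multi-GB images are never loaded whole


def sha512_of_file(path):
    """Stream the file and return its SHA-512 digest as lowercase hex."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def normalize_checksum(text):
    """Accept the digest as pasted from the portal: any case, surrounding
    whitespace, or a sha512sum-style '<hex>  <filename>' line."""
    token = text.split()[0].lower() if text.strip() else ""
    if len(token) != 128 or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("expected a 128-hex-character SHA-512 digest")
    return token


def verify_image(path, published):
    """True only if the image's SHA-512 equals the published digest."""
    return hmac.compare_digest(sha512_of_file(path), normalize_checksum(published))


def demo():
    """Constructed sample: a stand-in image, its correct digest, and a copy
    with extra bytes appended. Returns (clean_ok, tampered_ok)."""
    with tempfile.TemporaryDirectory() as d:
        clean = os.path.join(d, "image.qcow2")        # placeholder name
        with open(clean, "wb") as f:
            f.write(b"constructed sample image contents\n")
        published = sha512_of_file(clean)             # stands in for the portal value
        tampered = os.path.join(d, "tampered.qcow2")  # placeholder name
        with open(tampered, "wb") as f:
            f.write(b"constructed sample image contents\n" + b"implant")
        return verify_image(clean, published), verify_image(tampered, published)


if __name__ == "__main__":
    import sys
    # usage: python verify_image.py <image file> <published SHA-512>
    ok = verify_image(sys.argv[1], sys.argv[2])
    print("OK" if ok else "MISMATCH: do not deploy this image")
    sys.exit(0 if ok else 1)
```

A non-zero exit code on mismatch lets the check be wired into the deployment pipeline so an altered image is rejected before it is ever booted.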
Revision History:
05-17-2019 Initial Version
07-15-2019 CVE-2019-6695 disclosed
11-14-2019 CVE-2019-6695 fixed in the 6.0 branch.
Acknowledgement
Fortinet is pleased to thank Bart Dopheide of Axians for reporting CVE-2019-5587, and the independent research team of Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev for reporting CVE-2019-6695, under responsible disclosure.