PSIRT Advisories

FortiOS - Improper verification of the user certificate's chain of trust in FortiGate when connecting to SSL-VPN

Summary

An improper certificate chain-of-trust verification vulnerability in FortiGate SSL-VPN may allow an LDAP user to connect to the VPN with any certificate that is signed by a trusted Certificate Authority, rather than only with the certificate issued to that user.

Affected Products

FortiGate versions 6.4.2 to 6.4.4.
FortiGate versions 5.6.x, 6.0.x, 6.2.x, 6.4.0 and 6.4.1 are NOT impacted by this vulnerability.

Solutions

Please upgrade to FortiGate version 6.4.5 or above.
Please upgrade to FortiGate version 7.0.0 or above.

Acknowledgement

Fortinet is pleased to thank María Teresa Muñoz Blanco from Vectoritcgroup for reporting this vulnerability under responsible disclosure.