FortiOS - Improper verification of the user certificate's chain of trust in FortiGate when connecting to SSL-VPN
An improper following of a certificate's chain of trust vulnerability in FortiGate SSL-VPN may allow an LDAP user to connect to VPN with any certificate that is signed by a trusted Certificate Authority.
Affected ProductsFortiGate version 6.4.2 to 6.4.4.
FortiGate versions 5.6.x, 6.0.x and 6.2.x, 6.4.0 and 6.4.1 are NOT impacted by this vulnerability.
Please upgrade to FortiGate Version 6.4.5 or above.
Please upgrade to FortiGate Version 7.0.0.